Abstract

Decidability of definitional equality and conversion of terms into canonical form play a central role 
in the meta-theory of a type-theoretic logical framework. Most studies of definitional equality are 
based on a confluent, strongly-normalizing notion of reduction. Coquand has considered a different 
approach, directly proving the correctness of a practical equivalence algorithm based on the shape 
of terms. Neither approach appears to scale well to richer languages with unit types or subtyping, 
and neither directly addresses the problem of conversion to canonical form. 

In this paper we present a new, type-directed equivalence algorithm for the LF type theory that 
overcomes the weaknesses of previous approaches. The algorithm is practical, scales to more ex- 
pressive languages, and yields a new notion of canonical form sufficient for adequate encodings of 
logical systems. The algorithm is proved complete by a Kripke-style logical relations argument 
similar to that suggested by Coquand. Crucially, both the algorithm itself and the logical relations 
rely only on the shapes of types, ignoring dependencies on terms. 
1 Introduction



At present the mechanization of constructive reasoning relies almost entirely on type theories of 
various forms. The principal reason is that the computational meaning of constructive proofs is an 
integral part of the type theory itself. The main computational mechanism in such type theories is 
reduction, which has therefore been studied extensively. 

For logical frameworks the case for type theoretic meta-languages is also compelling, since 
they allow us to internalize deductions as objects. The validity of a deduction is then verified 
by type-checking in the meta-language. To ensure that proof checking remains decidable under 
this representation, the type checking problem for the meta-language must also be decidable. To 
support deductive systems of practical interest, the type theory must support dependent types, that 
is, types that depend on objects. 

The correctness of the representation of a logic in type theory is given by an adequacy theorem 
that correlates the syntax and deductions of the logic with canonical forms of suitable type. To 
establish a precise correspondence, canonical forms are taken to be β-normal, η-long forms. In
particular, it is important that canonical forms enjoy the property that constants and variables of 
higher type are "fully applied" — that is, each occurrence is applied to enough arguments to reach 
a base type. 

Thus we see that the methodology of logical frameworks relies on two fundamental meta- 
theoretic results: the decidability of type checking, and the existence of canonical forms. For 
many type theories the decidability of type checking is easily seen to reduce to the decidability of 
definitional equality of types and terms. Therefore we focus attention on the decision problem for 
definitional equality and on the conversion of terms to canonical form. 

Traditionally, both problems have been treated by considering normal forms for β, and possibly
η, reduction. If we take definitional equality to be conversion, then its decidability follows from
confluence and strong normalization for the corresponding notion of reduction. In the case of
β-reduction this approach to deciding definitional equality works well, but for βη-reduction the
situation is much more complex. In particular, βη-reduction is confluent only for well-typed terms,
and subject reduction depends on strengthening, which is difficult to prove directly.

These technical problems with βη-reduction have been addressed in work by Salvesen [Sal90],
Geuvers [Geu92] and later with a different method by Goguen [Gog96], but nevertheless several
problems remain. First, canonical forms are not βη-normal forms and so conversion to canonical
form must be handled separately. The work by Dowek et al. [DHW93] shows how to do this for
the Calculus of Constructions, but it is not clear that their approach would scale to richer theories
such as those including linear types, unit types, or subtyping. Second, the algorithms implicit in
the reduction-based accounts are not practical; if two terms are not definitionally equal, we can
hope to discover this without reducing both to normal form.

These problems were side-stepped in the original paper on the LF logical framework [HHP93]
by restricting attention to β-conversion for definitional equality. This is sufficient if we also restrict
attention to η-long forms [FM90, Cer96]. This restriction is somewhat unsatisfactory, especially in
linear variants of LF [CP98].

More recently, η-expansion has been studied in its own right, using modifications of standard
techniques from rewriting theory to overcome the lack of strong normalization when expansion is
not restricted [JG95, Gha97]. In the dependently typed case, even the definition of long normal
form is not obvious [DHW93] and the technical development is fraught with difficulties. We have
not been able to reconstruct the proofs in [Gha97], and the development in [Vir99] relies on a
complex intermediate system with annotated terms.
To address the problems of practicality, Coquand suggested abandoning reduction-based treatments
of definitional equality in favor of a direct presentation of a practical equivalence algorithm [Coq91].
Coquand's approach is based on analyzing the "shapes" of terms, building in the
principle of extensionality instead of relying on η-reduction or expansion. This algorithm improves
on reduction-based approaches by avoiding explicit computation of normal forms, and allowing for
early termination in the case that two terms are determined to be inequivalent. However, Coquand's
approach cannot be easily extended to richer type theories such as those with unit types.
The problem can be traced to the reliance on the shape of terms, rather than on their classifying
types, to guide the algorithm. For example, if x and y are two variables of unit type, they are
definitionally equal, but structurally distinct. Moreover, their canonical forms would be the sole
element of unit type. More recently, Compagnoni and Goguen [CG99] have developed an equality
algorithm based on weak head-normal forms using typed operational semantics for a system with
bounded operator abstraction. It is plausible that their method would also apply to LF, but, again,
type theories with a less tractable notion of equality are likely to present problems.

In this paper we present a new type-directed algorithm for testing equality for a dependent type
theory in the presence of β- and η-conversion, which generalizes the algorithm for the simply-typed
case in [Pfe92]. We prove its correctness directly via logical relations. The essential idea is that we
can erase dependencies when defining the logical relation, even though the domain of the relation 
contains dependently typed terms. This makes the definition obviously well-founded. Moreover, 
it means that the type-directed equality-testing algorithm on dependently typed terms requires 
only simple types. Consequently, transitivity of the algorithm is an easy property, which we were 
unable to obtain without this simplifying step. Soundness and completeness of the equality-testing 
algorithm yields the decidability of the type theory rather directly. 

Another advantage of our approach is that it can be easily adapted to support adequacy proofs
using a new notion of quasi-canonical forms, that is, canonical forms without type labels on
λ-abstractions. We show that quasi-canonical forms of a given type are sufficient to determine the
meaning of an object, since the type labels can be reconstructed (up to definitional equality) from
the classifying type. Interestingly, recent research on dependently typed rewriting [Vir99] has also
isolated equivalence classes of terms modulo conversion of the type labels as a critical concept. In
some of the original work on Martin-Löf type theory [NPS90] and some subsequent studies [Str91],
type theories without type labels have been studied, but to our knowledge they have not been
considered with respect to bi-directional type-checking or adequacy proofs in logical framework
representations.

There is now significant evidence that our construction is robust with respect to extension of the
type theory with products, unit, linearity, subtyping and similar complicating factors. The reason
is the flexibility of type-directed equality in the simply-typed case and the harmony between the
definition of the logical relation and the algorithm, both of which are based on the erased types.
The first author and Stone [SH00] have concurrently developed a variant of the technique presented
here to handle a form of subtyping and singleton kinds. A number of papers subsequent to the
original technical report describing our construction [HP99] have clearly demonstrated that the
proposed technique is widely applicable. Vanderwaart and Crary [VC01] have adapted the ideas
with minor modifications to give a proof of the decidability for linear LF that is stronger than the
original one [CP98] since it does not require η-long forms from the start. The further adaptation
to the case of an ordered linear type theory [Pol01] provides further evidence. Finally, the second
author has adapted the technique to prove decidability and existence of canonical forms for a type
theory with an internal notion of proof irrelevance and intensional types [Pfe01]. We conclude that
our technique is directly applicable for a large class of dependent type theories where equality at
the level of types is directly inherited from equality at the level of objects.

Despite this robustness for a whole class of extensions of the LF type theory, there are likely
to be difficulties in applying our techniques in the impredicative setting, or even in the case of
predicative universes. It is essential to our method that injectivity of products can be proved
without first proving subject reduction and a Church-Rosser theorem; the reverse is the case for
pure type systems [Bar92, Geu92].

More generally, it is not clear how to apply our ideas when faced with a complex notion of
equality at the level of types unless it is directly inherited from the level of objects. Our formulation
of LF omits type-level λ-abstraction precisely so we can prove injectivity of products at an early
stage. Note that this is not a restriction from the point of view of our applications: Geuvers and
Barendsen [GB99] have shown that LF without family-level λ-abstraction is just as expressive as full
LF. However, Vanderwaart and Crary [VC01] have shown that Coquand's technique for handling
type-level λ-abstractions can be adapted to our proof by carrying out a separate, second logical
relations argument. We suspect that this may be extended to the case of predicative universes, but
the impredicative case is likely to require completely new ideas as discussed in the conclusion.

Our approach is similar to the technique of typed operational semantics of Goguen [Gog94,
Gog98] in that both take advantage of types during reduction. However, as pointed out by
Goguen [Gog98], the development of the complete meta-theory of the LF requires the use of an 
untyped reduction relation. Our techniques avoid this entirely, fulfilling Goguen's conjecture that 
a complete development should be possible without resorting to untyped methods. 

The remainder of the paper is organized as follows. In Section 2 we present a variant of the
LF type theory and investigate its elementary syntactic properties. It can be seen to be equivalent
to the original LF proposal with βη-conversion at the end of our development. In Section 3 we
present an algorithm for testing equality that uses an approximate typing relation and exploits
extensionality. In Section 4 we show that the algorithm is complete via a Kripke logical relation
argument using approximate types. This is complemented by a corresponding soundness proof
for the algorithm on well-typed terms in Section 5. In Section 6 we exploit the soundness and
completeness of the algorithm to obtain decidability for all judgments of the LF type theory with
an extensional equality. In Section 7 we show how to extract quasi-canonical forms from our
conversion algorithm. They differ from long βη-normal forms in that objects carry no type labels.
We show that this is sufficient for adequacy theorems in the logical framework since such type labels
are determined uniquely modulo definitional equality. In the conclusion in Section 8 we discuss
some possible limitations of our technique and mention some further work.



2 A Variant of the LF Type Theory 

Syntactically, our formulation of the LF type theory follows the original proposal by Harper, Honsell
and Plotkin [HHP93], except that we omit type-level λ-abstraction. This simplifies the proof of
the soundness theorem considerably, since we can prove the injectivity of products (Lemma 12) at
an early stage. In practice, this restriction has no impact since types in normal form never contain
type-level λ-abstractions. This observation has been formalized by Geuvers and Barendsen [GB99].
2.1 Syntax



    Kinds         K ::= type | Πx:A. K
    Families      A ::= a | A M | Πx:A1. A2
    Objects       M ::= c | x | λx:A. M | M1 M2
    Signatures    Σ ::= · | Σ, a:K | Σ, c:A
    Contexts      Γ ::= · | Γ, x:A


We use K for kinds, A, B, C for type families, M, N, O for objects, Γ, Ψ for contexts and Σ for
signatures. We also use the symbol "kind" to classify the valid kinds. We consider terms that differ
only in the names of their bound variables as identical. We write [N/x]M, [N/x]A and [N/x]K for
capture-avoiding substitution. Signatures and contexts may declare each constant and variable at
most once. For example, when we write Γ, x:A we assume that x is not already declared in Γ. If
necessary, we tacitly rename x before adding it to the context Γ.



2.2 Substitutions 

In the logical relations argument, we require a notion of simultaneous substitution. 

    Substitutions   σ ::= · | σ, M/x

We assume that no variable is defined more than once in any substitution, which can be achieved
by appropriate renaming where necessary. We do not develop a notion and theory of well-typed
substitutions, since it is unnecessary for our purposes. However, when applying a substitution σ
to a term M we maintain the invariant that all free variables in M occur in the domain of σ, and
similarly for families and kinds.

We write id_Γ for the identity substitution on the context Γ. We use the notation M[σ], A[σ]
and K[σ] for the simultaneous substitution by σ into an object, family, or kind. It is defined by
simultaneous induction on the structure of objects, families, and kinds.

    x[σ]              = M                     where M/x in σ
    c[σ]              = c
    (λx:A. M)[σ]      = λx:A[σ]. M[σ, x/x]
    (M N)[σ]          = M[σ] N[σ]

    a[σ]              = a
    (A M)[σ]          = A[σ] M[σ]
    (Πx:A. B)[σ]      = Πx:A[σ]. B[σ, x/x]

    type[σ]           = type
    (Πx:A. K)[σ]      = Πx:A[σ]. K[σ, x/x]



Extending the substitution σ to (σ, x/x) may require some prior renaming of the variable x in order
to satisfy our assumption on substitutions. 
2.3 Judgments

The LF type theory is defined by the following judgments. 



    ⊢ Σ sig                  Σ is a valid signature
    ⊢_Σ Γ ctx                Γ is a valid context
    Γ ⊢_Σ M : A              M has type A
    Γ ⊢_Σ A : K              A has kind K
    Γ ⊢_Σ K : kind           K is a valid kind
    Γ ⊢_Σ M = N : A          M equals N at type A
    Γ ⊢_Σ A = B : K          A equals B at kind K
    Γ ⊢_Σ K = L : kind       K equals L

For the judgment ⊢_Σ Γ ctx we presuppose that Σ is a valid signature. For the remaining
judgments of the form Γ ⊢_Σ J we presuppose that Σ is a valid signature and that Γ is valid in Σ.
For the sake of brevity we omit the signature Σ from all judgments but the first, since it does not
change throughout a derivation.

If J is a typing or equality judgment, then we write J[σ] for the obvious substitution of J by
σ. For example, if J is M : A, then J[σ] stands for the judgment M[σ] : A[σ].

2.4 Typing Rules 



Our formulation of the typing rules is similar to the second version given in [HHP93]. In preparation
for the various algorithms we presuppose and inductively preserve the validity of contexts involved
in the judgments, instead of checking these properties at the leaves. This is a matter of expediency
rather than necessity.

Signatures

                      ⊢ Σ sig   · ⊢_Σ K : kind        ⊢ Σ sig   · ⊢_Σ A : type
    ---------         ------------------------        -------------------------
    ⊢ · sig           ⊢ Σ, a:K sig                    ⊢ Σ, c:A sig

From now on we fix a valid signature Σ and omit it from the judgments.

Contexts

                      ⊢ Γ ctx   Γ ⊢ A : type
    ---------         ----------------------
    ⊢ · ctx           ⊢ Γ, x:A ctx

From now on we presuppose that all contexts in judgments are valid, instead of checking it
explicitly. This means, for example, that we have to verify the validity of the type labels in
λ-abstractions before adding them to the context.
Objects

    x:A in Γ            c:A in Σ
    -----------         -----------
    Γ ⊢ x : A           Γ ⊢ c : A

    Γ ⊢ M1 : Πx:A2. A1   Γ ⊢ M2 : A2
    ---------------------------------
    Γ ⊢ M1 M2 : [M2/x]A1

    Γ ⊢ A1 : type   Γ, x:A1 ⊢ M2 : A2
    ---------------------------------
    Γ ⊢ λx:A1. M2 : Πx:A1. A2

    Γ ⊢ M : A   Γ ⊢ A = B : type
    ----------------------------
    Γ ⊢ M : B

Families

    a:K in Σ            Γ ⊢ A : Πx:B. K   Γ ⊢ M : B
    -----------         ----------------------------
    Γ ⊢ a : K           Γ ⊢ A M : [M/x]K

    Γ ⊢ A1 : type   Γ, x:A1 ⊢ A2 : type
    -----------------------------------
    Γ ⊢ Πx:A1. A2 : type

    Γ ⊢ A : K   Γ ⊢ K = L : kind
    ----------------------------
    Γ ⊢ A : L

Kinds

                          Γ ⊢ A : type   Γ, x:A ⊢ K : kind
    -----------------     --------------------------------
    Γ ⊢ type : kind       Γ ⊢ Πx:A. K : kind

2.5 Definitional Equality 

The rules for definitional equality are written with the presupposition that a valid signature Σ is
fixed and that all contexts Γ are valid. The intent is that equality implies validity of the objects,
families, or kinds involved (see Lemma 7). In contrast to the original formulation in [HHP93],
equality is based on a notion of parallel conversion plus extensionality, rather than βη-conversion.
We believe this is a robust foundation, easily transferred to richer and more complicated type
theories. Parallel conversion allows the equality judgment to be relatively independent from the
typing judgment, thereby simplifying the completeness proof of our algorithm. It does not otherwise
appear to be essential. The use of extensionality on the other hand is central.

Characteristically for parallel conversion, reflexivity is admissible (Lemma 2), which significantly
simplifies the completeness proof for the algorithm to check equality. We enclose the admissible
rules in [brackets]. Some of the typing premises in the rules are redundant, but for technical
reasons we cannot prove this until validity has been established. Such premises are enclosed in
{braces}. Alternatively, it may be sufficient to check validity of the contexts at the leaves of the
derivations (the cases for variables and constants), a technique used both in the original presentation
of LF [HHP93] and Pure Type Systems [Bar92].
Simultaneous Congruence

    x:A in Γ                c:A in Σ
    ---------------         ---------------
    Γ ⊢ x = x : A           Γ ⊢ c = c : A

    Γ ⊢ M1 = N1 : Πx:A2. A1   Γ ⊢ M2 = N2 : A2
    ------------------------------------------
    Γ ⊢ M1 M2 = N1 N2 : [M2/x]A1

    Γ ⊢ A1' = A1 : type   Γ ⊢ A1'' = A1 : type   Γ, x:A1 ⊢ M2 = N2 : A2
    ------------------------------------------------------------------
    Γ ⊢ λx:A1'. M2 = λx:A1''. N2 : Πx:A1. A2

Extensionality

    Γ ⊢ A1 : type   {Γ ⊢ M : Πx:A1. A2}   {Γ ⊢ N : Πx:A1. A2}   Γ, x:A1 ⊢ M x = N x : A2
    ---------------------------------------------------------------------------------
    Γ ⊢ M = N : Πx:A1. A2

Parallel Conversion

    {Γ ⊢ A1 : type}   Γ, x:A1 ⊢ M2 = N2 : A2   Γ ⊢ M1 = N1 : A1
    -----------------------------------------------------------
    Γ ⊢ (λx:A1. M2) M1 = [N1/x]N2 : [M1/x]A2

Equivalence

    Γ ⊢ M = N : A           Γ ⊢ M = N : A   Γ ⊢ N = O : A        [ Γ ⊢ M : A       ]
    ---------------         ------------------------------        [ --------------- ]
    Γ ⊢ N = M : A           Γ ⊢ M = O : A                         [ Γ ⊢ M = M : A   ]

Type Conversion

    Γ ⊢ M = N : A   Γ ⊢ A = B : type
    --------------------------------
    Γ ⊢ M = N : B

Family Congruence

    a:K in Σ
    ---------------
    Γ ⊢ a = a : K

    Γ ⊢ A = B : Πx:C. K   Γ ⊢ M = N : C
    -----------------------------------
    Γ ⊢ A M = B N : [M/x]K

    Γ ⊢ A1 = B1 : type   {Γ ⊢ A1 : type}   Γ, x:A1 ⊢ A2 = B2 : type
    ---------------------------------------------------------------
    Γ ⊢ Πx:A1. A2 = Πx:B1. B2 : type
Family Equivalence

    Γ ⊢ A = B : K           Γ ⊢ A = B : K   Γ ⊢ B = C : K        [ Γ ⊢ A : K       ]
    ---------------         ------------------------------        [ --------------- ]
    Γ ⊢ B = A : K           Γ ⊢ A = C : K                         [ Γ ⊢ A = A : K   ]

Kind Conversion

    Γ ⊢ A = B : K   Γ ⊢ K = L : kind
    --------------------------------
    Γ ⊢ A = B : L

Kind Congruence

                              Γ ⊢ A = B : type   {Γ ⊢ A : type}   Γ, x:A ⊢ K = L : kind
    ----------------------    -------------------------------------------------------
    Γ ⊢ type = type : kind    Γ ⊢ Πx:A. K = Πx:B. L : kind

Kind Equivalence

    Γ ⊢ K = L : kind        Γ ⊢ K = L : kind   Γ ⊢ L = L' : kind      [ Γ ⊢ K : kind       ]
    ------------------      ----------------------------------       [ ----------------- ]
    Γ ⊢ L = K : kind        Γ ⊢ K = L' : kind                         [ Γ ⊢ K = K : kind   ]

2.6 Elementary Properties of Typing and Definitional Equality 

We establish some elementary properties of the judgments pertaining to the interpretation of con- 
texts. There is an alternative route to these properties by first introducing a notion of substitution 
and well-typed substitution. 

First we establish weakening for all judgments of the type theory. We use J to stand for any of 
the relevant judgments of the type theory in order to avoid repetitive statements. We extend the 
notation of substitution to all judgments of the type theory in the obvious way. For example, if J 
is N : B then [M/x]J is [M/x]N : [M/x]B. 

Lemma 1 (Weakening) If Γ, Γ' ⊢ J then Γ, x:A, Γ' ⊢ J.

Proof: By straightforward induction over the structure of the given derivation. □ 

Note that exchange for independent hypotheses and contraction are also admissible, but we 
elide the statement of these properties here since they are not needed for the results in this paper. 
Next we show that reflexivity is admissible. 

Lemma 2 (Reflexivity)

1. If Γ ⊢ M : A then Γ ⊢ M = M : A.

2. If Γ ⊢ A : K then Γ ⊢ A = A : K.

3. If Γ ⊢ K : kind then Γ ⊢ K = K : kind.

Proof: By induction over the structure of the given derivations. In each case the result follows
immediately from the available induction hypotheses. □

Next we prove the central substitution property. 

Lemma 3 (Substitution Property for Typing and Definitional Equality)

Assume Γ, x:A, Γ' is a valid context. If Γ ⊢ M : A and Γ, x:A, Γ' ⊢ J then Γ, [M/x]Γ' ⊢ [M/x]J.

Proof: By straightforward inductions over the structure of the given derivations. □ 

The next lemma applies in a number of the proofs in the remainder of this section. 

Lemma 4 (Context Conversion) Assume Γ, x:A is a valid context and Γ ⊢ B : type.
If Γ, x:A ⊢ J and Γ ⊢ A = B : type then Γ, x:B ⊢ J.

Proof: Direct, taking advantage of weakening and substitution.

    Γ, x:B ⊢ x : B                      By rule (variable)
    Γ ⊢ B = A : type                    By symmetry from assumption
    Γ, x:B ⊢ x : A                      By rule (type conversion)
    Γ, x':A ⊢ [x'/x]J                   By renaming from assumption
    Γ, x:B, x':A ⊢ [x'/x]J              By weakening
    Γ, x:B ⊢ [x/x'][x'/x]J              By substitution property
    Γ, x:B ⊢ J                          By definition of substitution

□

Besides substitution, we require functionality for the typing judgments. Note that a stronger
version of functionality for equality judgments must be postponed until validity (Lemma 7) has
been proven. We state this in a slightly more general form than required below in order to prove
it inductively.

Lemma 5 (Functionality for Typing) Assume Γ, x:A, Γ' is a valid context, Γ ⊢ M = N : A,
Γ ⊢ M : A, and Γ ⊢ N : A.

1. If Γ, x:A, Γ' ⊢ P : B then Γ, [M/x]Γ' ⊢ [M/x]P = [N/x]P : [M/x]B.

2. If Γ, x:A, Γ' ⊢ B : K then Γ, [M/x]Γ' ⊢ [M/x]B = [N/x]B : [M/x]K.

3. If Γ, x:A, Γ' ⊢ K : kind then Γ, [M/x]Γ' ⊢ [M/x]K = [N/x]K : kind.

Proof: By a straightforward induction on the given derivation D in each case. We show some
representative cases.

Case:

    D = ------------------
        Γ, x:A, Γ' ⊢ x : A

    Γ ⊢ M = N : A                                    Assumption
    Γ, [M/x]Γ' ⊢ M = N : A                           By weakening

Case:

        y:B in Γ or Γ'
    D = ------------------
        Γ, x:A, Γ' ⊢ y : B

    y:B in Γ or y:[M/x]B in [M/x]Γ'                  By definition of substitution
    Γ, [M/x]Γ' ⊢ y = y : [M/x]B                      By rule

Case:

        D1                            D2
        Γ, x:A, Γ' ⊢ P1 : Πy:B2. B1   Γ, x:A, Γ' ⊢ P2 : B2
    D = --------------------------------------------------
        Γ, x:A, Γ' ⊢ P1 P2 : [P2/y]B1

    Γ, [M/x]Γ' ⊢ [M/x]P1 = [N/x]P1 : Πy:[M/x]B2. [M/x]B1                  By i.h. on D1
    Γ, [M/x]Γ' ⊢ [M/x]P2 = [N/x]P2 : [M/x]B2                              By i.h. on D2
    Γ, [M/x]Γ' ⊢ ([M/x]P1) ([M/x]P2) = ([N/x]P1) ([N/x]P2)
                 : [([M/x]P2)/y]([M/x]B1)                                  By rule
    Γ, [M/x]Γ' ⊢ [M/x](P1 P2) = [N/x](P1 P2) : [M/x]([P2/y]B1)            By properties of substitution

Case:

        D1                       D2
        Γ, x:A, Γ' ⊢ B1 : type   Γ, x:A, Γ', y:B1 ⊢ P2 : B2
    D = ---------------------------------------------------
        Γ, x:A, Γ' ⊢ λy:B1. P2 : Πy:B1. B2

    Γ, [M/x]Γ' ⊢ [M/x]B1 = [N/x]B1 : type                                 By i.h. on D1
    Γ, [M/x]Γ', y:[M/x]B1 ⊢ [M/x]P2 = [N/x]P2 : [M/x]B2                   By i.h. on D2
    Γ, [M/x]Γ' ⊢ [M/x]B1 : type                                           By substitution property
    Γ, [M/x]Γ' ⊢ [M/x]B1 = [M/x]B1 : type                                 By reflexivity
    Γ, [M/x]Γ' ⊢ [N/x]B1 = [M/x]B1 : type                                 By symmetry
    Γ, [M/x]Γ' ⊢ λy:[M/x]B1. [M/x]P2 = λy:[N/x]B1. [N/x]P2
                 : Πy:[M/x]B1. [M/x]B2                                     By rule

Case:

        D1                   D2
        Γ, x:A, Γ' ⊢ P : C   Γ, x:A, Γ' ⊢ C = B : type
    D = ----------------------------------------------
        Γ, x:A, Γ' ⊢ P : B

    Γ, [M/x]Γ' ⊢ [M/x]P = [N/x]P : [M/x]C                                 By i.h. on D1
    Γ, [M/x]Γ' ⊢ [M/x]C = [M/x]B : type                                   By substitution property
    Γ, [M/x]Γ' ⊢ [M/x]P = [N/x]P : [M/x]B                                 By rule (type conversion)

□

We have to postpone the general inversion properties until validity (Lemma 7) has been proven.
However, we need the simpler property of inversion on products in order to prove validity.

Lemma 6 (Inversion on Products)

1. If Γ ⊢ Πx:A1. A2 : K then Γ ⊢ A1 : type and Γ, x:A1 ⊢ A2 : type.

2. If Γ ⊢ Πx:A. K : kind then Γ ⊢ A : type and Γ, x:A ⊢ K : kind.

Proof: Part (1) follows by induction on the given derivation since it is stated for general kinds K.
Part (2) is immediate by inversion. □

Now we have the necessary properties to prove the critical validity property. Recall our general 
assumption that all signatures are valid. 

Lemma 7 (Validity) Assume Γ is a valid context.

1. If Γ ⊢ M : A then Γ ⊢ A : type.

2. If Γ ⊢ M = N : A, then Γ ⊢ M : A, Γ ⊢ N : A, and Γ ⊢ A : type.

3. If Γ ⊢ A : K, then Γ ⊢ K : kind.

4. If Γ ⊢ A = B : K, then Γ ⊢ A : K, Γ ⊢ B : K, and Γ ⊢ K : kind.

5. If Γ ⊢ K = L : kind, then Γ ⊢ K : kind and Γ ⊢ L : kind.

Proof: By a straightforward simultaneous induction on derivations. Functionality for typing
(Lemma 5) is required to handle the case of applications. The typing premises on the rule of
extensionality ensure that strengthening is not required.

Case:

        E1                         E2
        Γ ⊢ M1 = N1 : Πx:A2. A1    Γ ⊢ M2 = N2 : A2
    E = -------------------------------------------
        Γ ⊢ M1 M2 = N1 N2 : [M2/x]A1

    Γ ⊢ M1 : Πx:A2. A1
    Γ ⊢ N1 : Πx:A2. A1
    Γ ⊢ Πx:A2. A1 : type                             By i.h. on E1
    Γ ⊢ M2 : A2
    Γ ⊢ N2 : A2
    Γ ⊢ A2 : type                                    By i.h. on E2
    Γ, x:A2 ⊢ A1 : type                              By inversion on products (Lemma 6)
    Γ ⊢ [M2/x]A1 : type                              By substitution property
    Γ ⊢ M1 M2 : [M2/x]A1                             By rule
    Γ ⊢ N1 N2 : [N2/x]A1                             By rule
    Γ ⊢ [M2/x]A1 = [N2/x]A1 : type                   By functionality (Lemma 5)
    Γ ⊢ N1 N2 : [M2/x]A1                             By symmetry and type conversion

□

With the central validity property, we can show a few other syntactic results. The first of these 
is that functionality holds even for the equality judgments. Since this can be proven directly, we 
state it in the more restricted form in which it is needed subsequently. 
Lemma 8 (Functionality for Equality) Assume Γ, x:A is a valid context and Γ ⊢ M = N : A.

1. If Γ, x:A ⊢ O = P : B then Γ ⊢ [M/x]O = [N/x]P : [M/x]B.

2. If Γ, x:A ⊢ B = C : K then Γ ⊢ [M/x]B = [N/x]C : [M/x]K.

3. If Γ, x:A ⊢ K = L : kind then Γ ⊢ [M/x]K = [N/x]L : kind.

Proof: Direct, using validity, substitution, and functionality for typing. We show only the proof
of part (1).

    Γ, x:A ⊢ O = P : B                               Assumption
    Γ ⊢ M = N : A                                    Assumption
    Γ ⊢ M : A                                        By validity
    Γ ⊢ N : A                                        By validity
    Γ ⊢ [M/x]O = [M/x]P : [M/x]B                     By substitution
    Γ, x:A ⊢ P : B                                   By validity
    Γ ⊢ [M/x]P = [N/x]P : [M/x]B                     By functionality for typing (Lemma 5)
    Γ ⊢ [M/x]O = [N/x]P : [M/x]B                     By rule (transitivity)

At the level of objects it is also possible to derive functionality by introducing λ-abstractions,
applications, and parallel conversion. However, this is not possible at the level of families, since
there is no corresponding λ-abstraction. □

The second consequence of validity is a collection of inversion properties which generalize inversion
on products (Lemma 6).

Lemma 9 (Typing Inversion) Assume Γ is a valid context.

1. If Γ ⊢ x : A then x:B in Γ and Γ ⊢ A = B : type for some B.

2. If Γ ⊢ c : A then c:B in Σ and Γ ⊢ A = B : type for some B.

3. If Γ ⊢ M1 M2 : A then Γ ⊢ M1 : Πx:A2. A1, Γ ⊢ M2 : A2 and Γ ⊢ [M2/x]A1 = A : type for
some A1 and A2.

4. If Γ ⊢ λx:A. M : B, then Γ ⊢ B = Πx:A. A' : type, Γ ⊢ A : type, and Γ, x:A ⊢ M : A'.

5. If Γ ⊢ Πx:A1. A2 : K then Γ ⊢ K = type : kind, Γ ⊢ A1 : type and Γ, x:A1 ⊢ A2 : type.

6. If Γ ⊢ a : K, then a:L in Σ and Γ ⊢ K = L : kind for some L.

7. If Γ ⊢ A M : K, then Γ ⊢ A : Πx:A1. K2, Γ ⊢ M : A1, and Γ ⊢ K = [M/x]K2 : kind.

8. If Γ ⊢ Πx:A1. K2 : kind, then Γ ⊢ A1 : type and Γ, x:A1 ⊢ K2 : kind.

Proof: By a straightforward induction on typing derivations. Validity is needed in most cases in
order to apply reflexivity. □

We can now show that some of the typing premises in the inference rules are redundant. 

Lemma 10 (Redundancy of Typing Premises) The indicated typing premises in the rules of 
parallel conversion, family congruence, and type congruence are redundant. 
Proof: Straightforward from validity. □



Lemma 11 (Equality Inversion) Assume Γ is a valid context.

1. If Γ ⊢ A = Πx:B1. B2 : type or Γ ⊢ Πx:B1. B2 = A : type then A = Πx:A1. A2 for some A1
and A2 such that Γ ⊢ A1 = B1 : type and Γ, x:A1 ⊢ A2 = B2 : type.

2. If Γ ⊢ K = type : kind or Γ ⊢ type = K : kind then K = type.

3. If Γ ⊢ K = Πx:B1. L2 : kind or Γ ⊢ Πx:B1. L2 = K : kind then K = Πx:A1. K2 such that
Γ ⊢ A1 = B1 : type and Γ, x:A1 ⊢ K2 = L2 : kind.

Proof: By induction on the given equality derivations. There are some subtle points in the proof
of part (1), so we show two cases. Note that adding a family-level λ would prevent proving this result
at such an early stage.



Case:

        E1                 E2
        Γ ⊢ A = C : type   Γ ⊢ C = Πx:B1. B2 : type
    E = -------------------------------------------
        Γ ⊢ A = Πx:B1. B2 : type

    C = Πx:C1. C2 for some C1 and C2 such that
        Γ ⊢ C1 = B1 : type and
        Γ, x:C1 ⊢ C2 = B2 : type                     By i.h. (1) on E2
    A = Πx:A1. A2 for some A1 and A2 such that
        Γ ⊢ A1 = C1 : type and
        Γ, x:A1 ⊢ A2 = C2 : type                     By i.h. (1) on E1
    Γ ⊢ A1 = B1 : type                               By rule (transitivity)
    Γ, x:A1 ⊢ C2 = B2 : type                         By context conversion (Lemma 4)
    Γ, x:A1 ⊢ A2 = B2 : type                         By rule (transitivity)

Case:

        E1                      E2
        Γ ⊢ A = Πx:B1. B2 : K   Γ ⊢ K = type : kind
    E = -------------------------------------------
        Γ ⊢ A = Πx:B1. B2 : type

    K = type                                         By i.h. (2) on E2
    A = Πx:A1. A2 for some A1 and A2 such that
        Γ ⊢ A1 = B1 : type and
        Γ, x:A1 ⊢ A2 = B2 : type                     By i.h. (1) on E1

□



Lemma 12 (Injectivity of Products)

1. If Γ ⊢ Πx:A1. A2 = Πx:B1. B2 : type then Γ ⊢ A1 = B1 : type and Γ, x:A1 ⊢ A2 = B2 : type.

2. If Γ ⊢ Πx:A1. K2 = Πx:B1. L2 : kind then Γ ⊢ A1 = B1 : type and Γ, x:A1 ⊢ K2 = L2 : kind.

Proof: Immediate by equality inversion (Lemma 11). □
3 Algorithmic Equality



The algorithm for deciding equality can be summarized as follows: 

1. When comparing objects at function type, apply extensionality. 

2. When comparing objects at base type, reduce both sides to weak head-normal form and then 
compare heads directly and, if they are equal, each corresponding pair of arguments according 
to their type. 

Since this algorithm is type-directed we need to carry types. Unfortunately, this makes
it difficult to prove correctness of the algorithm in the presence of dependent types, because
transitivity is not an obvious property. The informal description above already contains a clue to the
solution: we do not need to know the precise type of the objects we are comparing, as long as we
know that they are functions.

We therefore define a calculus of simple types and an erasure function ( )⁻ that eliminates
dependencies for the purpose of this algorithm. The same idea is used later in the definition of the
Kripke logical relation to prove completeness of the algorithm.

We write a to stands for simple base types and we have two special type constants, type" and 
kind", for the equality judgments at the level of types and kinds. 



Simple Kinds k ::= type" | r — > k 
Simple Types r ::= a \ t\ — > T2 
Simple Contexts A ::= • | A,x:t 

We use r, 9, S for simple types and A, for contexts declaring simple types for variables. We 
also use kind - in a similar role to kind in the LF type theory. 

We write A~ for the simple type that results from erasing dependencies in A, and similarly K~ . 
We translate each constant type family a to a base type a~ and extend this to all type families. 
We extend it further to contexts by applying it to each declaration. 



$(a)^- = a^-$
$(A\, M)^- = A^-$
$(\Pi x{:}A_1.\, A_2)^- = A_1^- \to A_2^-$

$(\mathsf{type})^- = \mathsf{type}^-$
$(\Pi x{:}A.\, K)^- = A^- \to K^-$
$(\mathsf{kind})^- = \mathsf{kind}^-$

$(\cdot)^- = \cdot$
$(\Gamma, x{:}A)^- = \Gamma^-, x{:}A^-$

We need the property that the erasure of a type or kind remains invariant under equality and
substitution.

Lemma 13 (Erasure Preservation)

1. If $\Gamma \vdash A = B : K$ then $A^- = B^-$.

2. If $\Gamma \vdash K = L : \mathsf{kind}$ then $K^- = L^-$.

3. If $\Gamma, x{:}A \vdash B : K$ then $B^- = ([M/x]B)^-$.

4. If $\Gamma, x{:}A \vdash K : \mathsf{kind}$ then $K^- = ([M/x]K)^-$.

Proof: By induction over the structure of the given derivations. □

We now present the algorithm in the form of three judgments.

$M \xrightarrow{whr} M'$ ($M$ weak head reduces to $M'$). Algorithmically, we assume $M$ is given and compute $M'$
(if $M$ is head reducible) or fail.

$\Delta \vdash M \Leftrightarrow N : \tau$ ($M$ is equal to $N$ at simple type $\tau$). Algorithmically, we assume $\Delta$, $M$, $N$, and $\tau$
are given and we simply succeed or fail. We only apply this judgment if $M$ and $N$ have the
same type $A$ and $\tau = A^-$.

$\Delta \vdash M \leftrightarrow N : \tau$ ($M$ is structurally equal to $N$). Algorithmically, we assume that $\Delta$, $M$ and $N$
are given and we compute $\tau$ or fail. If successful, $\tau$ will be the approximate type of $M$ and
$N$.

Note that the structural and type-directed equality are mutually recursive, while weak head reduction
does not depend on the other two judgments.

Weak Head Reduction

$$\frac{}{(\lambda x{:}A_1.\, M_2)\, M_1 \xrightarrow{whr} [M_1/x]M_2} \qquad \frac{M_1 \xrightarrow{whr} M_1'}{M_1\, M_2 \xrightarrow{whr} M_1'\, M_2}$$

Type-Directed Object Equality

$$\frac{M \xrightarrow{whr} M' \qquad \Delta \vdash M' \Leftrightarrow N : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha} \qquad \frac{N \xrightarrow{whr} N' \qquad \Delta \vdash M \Leftrightarrow N' : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha}$$

$$\frac{\Delta \vdash M \leftrightarrow N : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha} \qquad \frac{\Delta, x{:}\tau_1 \vdash M\, x \Leftrightarrow N\, x : \tau_2}{\Delta \vdash M \Leftrightarrow N : \tau_1 \to \tau_2}$$

Structural Object Equality

$$\frac{x{:}\tau \in \Delta}{\Delta \vdash x \leftrightarrow x : \tau} \qquad \frac{c{:}A \in \Sigma}{\Delta \vdash c \leftrightarrow c : A^-}$$

$$\frac{\Delta \vdash M_1 \leftrightarrow N_1 : \tau_2 \to \tau_1 \qquad \Delta \vdash M_2 \Leftrightarrow N_2 : \tau_2}{\Delta \vdash M_1\, M_2 \leftrightarrow N_1\, N_2 : \tau_1}$$

We mirror these judgments at the level of families. Due to the absence of $\lambda$-abstraction at this
level, the kind-directed and structural equality are rather close. However, in the later development,
and specifically the proof that logically related terms are algorithmically equal (Theorem 19), the
distinction is still convenient.

Kind-Directed Family Equality

$$\frac{\Delta \vdash A \leftrightarrow B : \mathsf{type}^-}{\Delta \vdash A \Leftrightarrow B : \mathsf{type}^-} \qquad \frac{\Delta, x{:}\tau \vdash A\, x \Leftrightarrow B\, x : \kappa}{\Delta \vdash A \Leftrightarrow B : \tau \to \kappa}$$

$$\frac{\Delta \vdash A_1 \Leftrightarrow B_1 : \mathsf{type}^- \qquad \Delta, x{:}A_1^- \vdash A_2 \Leftrightarrow B_2 : \mathsf{type}^-}{\Delta \vdash \Pi x{:}A_1.\, A_2 \Leftrightarrow \Pi x{:}B_1.\, B_2 : \mathsf{type}^-}$$

Structural Family Equality

$$\frac{a{:}K \in \Sigma}{\Delta \vdash a \leftrightarrow a : K^-} \qquad \frac{\Delta \vdash A \leftrightarrow B : \tau \to \kappa \qquad \Delta \vdash M \Leftrightarrow N : \tau}{\Delta \vdash A\, M \leftrightarrow B\, N : \kappa}$$

Algorithmic Kind Equality

$$\frac{}{\Delta \vdash \mathsf{type} \Leftrightarrow \mathsf{type} : \mathsf{kind}^-} \qquad \frac{\Delta \vdash A \Leftrightarrow B : \mathsf{type}^- \qquad \Delta, x{:}A^- \vdash K \Leftrightarrow L : \mathsf{kind}^-}{\Delta \vdash \Pi x{:}A.\, K \Leftrightarrow \Pi x{:}B.\, L : \mathsf{kind}^-}$$

The algorithmic equality satisfies some straightforward structural properties. Weakening is
required in the proof of its correctness. It does not appear that exchange, contraction, or strengthening
are needed in our particular argument, but these properties can all be easily proven. Note that
versions of the logical relations proofs nonetheless apply in the linear, strict, and affine $\lambda$-calculi.

Lemma 14 (Weakening of Algorithmic Equality)

For each algorithmic equality judgment $J$, if $\Delta, \Delta' \vdash J$ then $\Delta, x{:}\tau, \Delta' \vdash J$.

Proof: By straightforward induction over the structure of the given derivations. □

The algorithm is essentially deterministic in the sense that when comparing terms at base type
we have to weakly head-normalize both sides and compare the results structurally. This is because
terms that are weakly head reducible will never be considered structurally equal.

Lemma 15 (Determinacy of Algorithmic Equality)

1. If $M \xrightarrow{whr} M'$ and $M \xrightarrow{whr} M''$ then $M' = M''$.

2. If $\Delta \vdash M \leftrightarrow N : \tau$ then there is no $M'$ such that $M \xrightarrow{whr} M'$.

3. If $\Delta \vdash M \leftrightarrow N : \tau$ then there is no $N'$ such that $N \xrightarrow{whr} N'$.

4. If $\Delta \vdash M \leftrightarrow N : \tau$ and $\Delta \vdash M \leftrightarrow N : \tau'$ then $\tau = \tau'$.

5. If $\Delta \vdash A \leftrightarrow B : \kappa$ and $\Delta \vdash A \leftrightarrow B : \kappa'$ then $\kappa = \kappa'$.

Proof: The first part and parts (4) and (5) are immediate by structural induction. We only show
the second part, since the third part is symmetric. Assume

$\mathcal{S} :\ \Delta \vdash M \leftrightarrow N : \tau$ and $\mathcal{W} :\ M \xrightarrow{whr} M'$

for some $M'$. We now show by simultaneous induction over $\mathcal{S}$ and $\mathcal{W}$ that these assumptions are
contradictory. Whenever we have constructed a judgment such that there is no rule that could conclude
this judgment, we say we obtain a contradiction by inversion.

Case:
$$\mathcal{S} = \frac{x{:}\tau \in \Delta}{\Delta \vdash x \leftrightarrow x : \tau}$$

$x \xrightarrow{whr} M'$    Assumption ($\mathcal{W}$)
Contradiction    By inversion

Case: Structural equality of constants is impossible as in the case for variables.

Case:
$$\mathcal{S} = \frac{\mathcal{S}_1 :\ \Delta \vdash M_1 \leftrightarrow N_1 : \tau_2 \to \tau_1 \qquad \mathcal{T}_2 :\ \Delta \vdash M_2 \Leftrightarrow N_2 : \tau_2}{\Delta \vdash M_1\, M_2 \leftrightarrow N_1\, N_2 : \tau_1}$$

Here we distinguish two subcases for the derivation $\mathcal{W}$ of $M_1\, M_2 \xrightarrow{whr} M'$.

Subcase:
$$\mathcal{W} = \frac{}{(\lambda x{:}A_1.\, M_1')\, M_2 \xrightarrow{whr} [M_2/x]M_1'}$$

$M_1 = (\lambda x{:}A_1.\, M_1')$    Assumption
$\Delta \vdash M_1 \leftrightarrow N_1 : \tau_2 \to \tau_1$    Assumption ($\mathcal{S}_1$)
Contradiction    By inversion

Subcase:
$$\mathcal{W} = \frac{\mathcal{W}_1 :\ M_1 \xrightarrow{whr} M_1'}{M_1\, M_2 \xrightarrow{whr} M_1'\, M_2}$$

$\Delta \vdash M_1 \leftrightarrow N_1 : \tau_2 \to \tau_1$    Assumption ($\mathcal{S}_1$)
Contradiction    By ind. hyp. on $\mathcal{W}_1$ and $\mathcal{S}_1$

□



The completeness proof requires symmetry and transitivity of the algorithm. This would introduce
some difficulty if the algorithm employed precise instead of approximate types. This is one
reason why both the algorithm and later the logical relation are defined using approximate types
only.

Lemma 16 (Symmetry of Algorithmic Equality)

1. If $\Delta \vdash M \Leftrightarrow N : \tau$ then $\Delta \vdash N \Leftrightarrow M : \tau$.

2. If $\Delta \vdash M \leftrightarrow N : \tau$ then $\Delta \vdash N \leftrightarrow M : \tau$.

3. If $\Delta \vdash A \Leftrightarrow B : \kappa$ then $\Delta \vdash B \Leftrightarrow A : \kappa$.

4. If $\Delta \vdash A \leftrightarrow B : \kappa$ then $\Delta \vdash B \leftrightarrow A : \kappa$.

5. If $\Delta \vdash K \Leftrightarrow L : \mathsf{kind}^-$ then $\Delta \vdash L \Leftrightarrow K : \mathsf{kind}^-$.

Proof: By simultaneous induction on the given derivations. □

Lemma 17 (Transitivity of Algorithmic Equality)

1. If $\Delta \vdash M \Leftrightarrow N : \tau$ and $\Delta \vdash N \Leftrightarrow O : \tau$ then $\Delta \vdash M \Leftrightarrow O : \tau$.

2. If $\Delta \vdash M \leftrightarrow N : \tau$ and $\Delta \vdash N \leftrightarrow O : \tau$ then $\Delta \vdash M \leftrightarrow O : \tau$.

3. If $\Delta \vdash A \Leftrightarrow B : \kappa$ and $\Delta \vdash B \Leftrightarrow C : \kappa$ then $\Delta \vdash A \Leftrightarrow C : \kappa$.

4. If $\Delta \vdash A \leftrightarrow B : \kappa$ and $\Delta \vdash B \leftrightarrow C : \kappa$ then $\Delta \vdash A \leftrightarrow C : \kappa$.

5. If $\Delta \vdash K \Leftrightarrow L : \mathsf{kind}^-$ and $\Delta \vdash L \Leftrightarrow L' : \mathsf{kind}^-$ then $\Delta \vdash K \Leftrightarrow L' : \mathsf{kind}^-$.

Proof: By simultaneous inductions on the structure of the given derivations. In each case, we may
appeal to the induction hypothesis if one of the two derivations is strictly smaller, while the other
is either smaller or the same. The proof requires determinacy (Lemma 15). We only show some
cases in the proof of property (1); others are direct. Assume we are given

$\mathcal{T}_L :\ \Delta \vdash M \Leftrightarrow N : \tau$ and $\mathcal{T}_R :\ \Delta \vdash N \Leftrightarrow O : \tau$

We have to construct a derivation of $\Delta \vdash M \Leftrightarrow O : \tau$. We distinguish cases for $\mathcal{T}_L$ and $\mathcal{T}_R$. In
case one of them is the extensionality rule, the other must be, too, and the result follows easily
from the induction hypothesis. We show the remaining cases.

Case:
$$\mathcal{T}_L = \frac{M \xrightarrow{whr} M' \qquad \mathcal{T}_L' :\ \Delta \vdash M' \Leftrightarrow N : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha}$$
where $\mathcal{T}_R$ is arbitrary.

$\Delta \vdash M' \Leftrightarrow O : \alpha$    By ind. hyp. (1) on $\mathcal{T}_L'$ and $\mathcal{T}_R$
$\Delta \vdash M \Leftrightarrow O : \alpha$    By rule (whr left)

Case:
$$\mathcal{T}_R = \frac{O \xrightarrow{whr} O' \qquad \mathcal{T}_R' :\ \Delta \vdash N \Leftrightarrow O' : \alpha}{\Delta \vdash N \Leftrightarrow O : \alpha}$$
where $\mathcal{T}_L$ is arbitrary.

$\Delta \vdash M \Leftrightarrow O' : \alpha$    By ind. hyp. (1) on $\mathcal{T}_L$ and $\mathcal{T}_R'$
$\Delta \vdash M \Leftrightarrow O : \alpha$    By rule (whr right)

Case:
$$\mathcal{T}_L = \frac{N \xrightarrow{whr} N' \qquad \mathcal{T}_L' :\ \Delta \vdash M \Leftrightarrow N' : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha} \quad\text{and}\quad \mathcal{T}_R = \frac{N \xrightarrow{whr} N'' \qquad \mathcal{T}_R' :\ \Delta \vdash N'' \Leftrightarrow O : \alpha}{\Delta \vdash N \Leftrightarrow O : \alpha}$$

$N' = N''$    By determinacy of weak head reduction (Lemma 15 (1))
$\Delta \vdash M \Leftrightarrow O : \alpha$    By ind. hyp. (1) on $\mathcal{T}_L'$ and $\mathcal{T}_R'$

Case:
$$\mathcal{T}_L = \frac{N \xrightarrow{whr} N' \qquad \Delta \vdash M \Leftrightarrow N' : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha} \quad\text{and}\quad \mathcal{T}_R = \frac{\Delta \vdash N \leftrightarrow O : \alpha}{\Delta \vdash N \Leftrightarrow O : \alpha}$$

This case is impossible by determinacy of algorithmic equality (Lemma 15 (2)).

Case:
$$\mathcal{T}_L = \frac{\mathcal{S}_L :\ \Delta \vdash M \leftrightarrow N : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha} \quad\text{and}\quad \mathcal{T}_R = \frac{N \xrightarrow{whr} N' \qquad \Delta \vdash N' \Leftrightarrow O : \alpha}{\Delta \vdash N \Leftrightarrow O : \alpha}$$

This case is impossible by determinacy of algorithmic equality (Lemma 15 (3)).

Case:
$$\mathcal{T}_L = \frac{\mathcal{S}_L :\ \Delta \vdash M \leftrightarrow N : \alpha}{\Delta \vdash M \Leftrightarrow N : \alpha} \quad\text{and}\quad \mathcal{T}_R = \frac{\mathcal{S}_R :\ \Delta \vdash N \leftrightarrow O : \alpha}{\Delta \vdash N \Leftrightarrow O : \alpha}$$

$\Delta \vdash M \leftrightarrow O : \alpha$    By ind. hyp. (2) on $\mathcal{S}_L$ and $\mathcal{S}_R$
$\Delta \vdash M \Leftrightarrow O : \alpha$    By rule

□



4 Completeness of Algorithmic Equality

In this section we develop the completeness theorem for the type-directed equality algorithm. That
is, if two terms are definitionally equal, the algorithm will succeed. The goal is to present a flexible
and modular technique which can be adapted easily to related type theories, such as the one
underlying the linear logical framework [CP98, VC01], one based on ordered linear logic [PP99,
Pol01], or one including subtyping [Pfe93] or proof irrelevance and intensional types [Pfe01]. Other
techniques presented in the literature, particularly those based on a notion of $\beta$-reduction, do not
seem to adapt well to these richer theories.

The central idea is to proceed by an argument via logical relations defined inductively on the
approximate type of an object, where the approximate type arises from erasing all dependencies in
an LF type.

The completeness direction of the correctness proof for type-directed equality states:

If $\Gamma \vdash M = N : A$ then $\Gamma^- \vdash M \Leftrightarrow N : A^-$

One would like to prove this by induction on the structure of the derivation for the given equality.
However, such a proof attempt fails at the case for application. Instead we define a logical relation
$\Delta \vdash M = N \in [\![\tau]\!]$ that provides a stronger induction hypothesis so that both

1. if $\Gamma \vdash M = N : A$ then $\Gamma^- \vdash M = N \in [\![A^-]\!]$, and

2. if $\Gamma^- \vdash M = N \in [\![A^-]\!]$ then $\Gamma^- \vdash M \Leftrightarrow N : A^-$,

can be proved.

4.1 A Kripke Logical Relation

We define a Kripke logical relation inductively on simple types. At base type we require the property
we eventually would like to prove. At higher types we reduce the property to those for simpler
types. We also extend it further to include substitutions, where it is defined by induction over the
structure of the matching context.

We say that a context $\Delta'$ extends $\Delta$ (written $\Delta' \geq \Delta$) if $\Delta'$ contains all declarations in $\Delta$ and
possibly more.

1. $\Delta \vdash M = N \in [\![\alpha]\!]$ iff $\Delta \vdash M \Leftrightarrow N : \alpha$.

2. $\Delta \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$ iff for every $\Delta'$ extending $\Delta$ and for all $M_1$ and $N_1$ such that
$\Delta' \vdash M_1 = N_1 \in [\![\tau_1]\!]$ we have $\Delta' \vdash M\, M_1 = N\, N_1 \in [\![\tau_2]\!]$.

3. $\Delta \vdash A = B \in [\![\mathsf{type}^-]\!]$ iff $\Delta \vdash A \Leftrightarrow B : \mathsf{type}^-$.

4. $\Delta \vdash A = B \in [\![\tau \to \kappa]\!]$ iff for every $\Delta'$ extending $\Delta$ and for all $M$ and $N$ such that
$\Delta' \vdash M = N \in [\![\tau]\!]$ we have $\Delta' \vdash A\, M = B\, N \in [\![\kappa]\!]$.

5. $\Delta \vdash \sigma = \theta \in [\![\cdot]\!]$ iff $\sigma = \cdot$ and $\theta = \cdot$.

6. $\Delta \vdash \sigma = \theta \in [\![\Theta, x{:}\tau]\!]$ iff $\sigma = (\sigma', M/x)$ and $\theta = (\theta', N/x)$ where $\Delta \vdash \sigma' = \theta' \in [\![\Theta]\!]$ and
$\Delta \vdash M = N \in [\![\tau]\!]$.

Four general structural properties of the logical relations that we can show directly by induction
are exchange, weakening, contraction, and strengthening. We will use only weakening.

Lemma 18 (Weakening of the Logical Relations) For all logical relations $R$, if $\Delta, \Delta' \vdash R$
then $\Delta, x{:}\tau, \Delta' \vdash R$.

Proof: By induction on the structure of the definition of $R$ (either simple type, kind, or context).
We show only the proof for the relation on types: If $\Delta, \Delta' \vdash M = N \in [\![\tau]\!]$ then $\Delta, x{:}\theta, \Delta' \vdash M = N \in [\![\tau]\!]$.

Case: $\tau = \alpha$.

$\Delta, \Delta' \vdash M = N \in [\![\alpha]\!]$    Assumption
$\Delta, \Delta' \vdash M \Leftrightarrow N : \alpha$    By definition of $[\![\alpha]\!]$
$\Delta, x{:}\theta, \Delta' \vdash M \Leftrightarrow N : \alpha$    By weakening (Lemma 14)
$\Delta, x{:}\theta, \Delta' \vdash M = N \in [\![\alpha]\!]$    By definition of $[\![\alpha]\!]$

Case: $\tau = \tau_1 \to \tau_2$.

$\Delta, \Delta' \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$    Assumption
$\Delta^+, x{:}\theta, \Delta'^+ \vdash M_1 = N_1 \in [\![\tau_1]\!]$ for arbitrary $\Delta^+ \geq \Delta$ and $\Delta'^+ \geq \Delta'$    New assumption
$(\Delta^+, x{:}\theta, \Delta'^+) \geq (\Delta, \Delta')$    By definition of $\geq$
$\Delta^+, x{:}\theta, \Delta'^+ \vdash M\, M_1 = N\, N_1 \in [\![\tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$ and assumption
$\Delta, x{:}\theta, \Delta' \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$

□

4.2 Logically Related Terms are Algorithmically Equal

It is straightforward to show that logically related terms are considered identical by the algorithm.
This proof always proceeds by induction on the structure of the type. A small insight may be
required to arrive at the necessary generalization of the induction hypothesis. Here, this involves
the statement that structurally equal terms are logically related. This has an important consequence
we will need later on, namely that variables and constants are logically related to themselves.

Theorem 19 (Logically Related Terms are Algorithmically Equal)

1. If $\Delta \vdash M = N \in [\![\tau]\!]$ then $\Delta \vdash M \Leftrightarrow N : \tau$.

2. If $\Delta \vdash A = B \in [\![\kappa]\!]$ then $\Delta \vdash A \Leftrightarrow B : \kappa$.

3. If $\Delta \vdash M \leftrightarrow N : \tau$ then $\Delta \vdash M = N \in [\![\tau]\!]$.

4. If $\Delta \vdash A \leftrightarrow B : \kappa$ then $\Delta \vdash A = B \in [\![\kappa]\!]$.

Proof: By simultaneous induction on the structure of $\tau$ (and $\kappa$).

Case: $\tau = \alpha$, part (1).

$\Delta \vdash M = N \in [\![\alpha]\!]$    Assumption
$\Delta \vdash M \Leftrightarrow N : \alpha$    By definition of $[\![\alpha]\!]$

Case: $\kappa = \mathsf{type}^-$, part (2).

$\Delta \vdash A = B \in [\![\mathsf{type}^-]\!]$    Assumption
$\Delta \vdash A \Leftrightarrow B : \mathsf{type}^-$    By definition of $[\![\mathsf{type}^-]\!]$

Case: $\tau = \alpha$, part (3).

$\Delta \vdash M \leftrightarrow N : \alpha$    Assumption
$\Delta \vdash M \Leftrightarrow N : \alpha$    By rule
$\Delta \vdash M = N \in [\![\alpha]\!]$    By definition of $[\![\alpha]\!]$

Case: $\kappa = \mathsf{type}^-$, part (4).

$\Delta \vdash A \leftrightarrow B : \mathsf{type}^-$    Assumption
$\Delta \vdash A \Leftrightarrow B : \mathsf{type}^-$    By rule
$\Delta \vdash A = B \in [\![\mathsf{type}^-]\!]$    By definition of $[\![\mathsf{type}^-]\!]$

Case: $\tau = \tau_1 \to \tau_2$, part (1).

$\Delta \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$    Assumption
$\Delta, x{:}\tau_1 \vdash x \leftrightarrow x : \tau_1$    By rule
$\Delta, x{:}\tau_1 \vdash x = x \in [\![\tau_1]\!]$    By i.h. (3) on $\tau_1$
$\Delta, x{:}\tau_1 \vdash M\, x = N\, x \in [\![\tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$
$\Delta, x{:}\tau_1 \vdash M\, x \Leftrightarrow N\, x : \tau_2$    By i.h. (1) on $\tau_2$
$\Delta \vdash M \Leftrightarrow N : \tau_1 \to \tau_2$    By rule

Case: $\kappa = \tau_1 \to \kappa_2$, part (2).

$\Delta \vdash A = B \in [\![\tau_1 \to \kappa_2]\!]$    Assumption
$\Delta, x{:}\tau_1 \vdash x \leftrightarrow x : \tau_1$    By rule
$\Delta, x{:}\tau_1 \vdash x = x \in [\![\tau_1]\!]$    By i.h. (3) on $\tau_1$
$\Delta, x{:}\tau_1 \vdash A\, x = B\, x \in [\![\kappa_2]\!]$    By definition of $[\![\tau_1 \to \kappa_2]\!]$
$\Delta, x{:}\tau_1 \vdash A\, x \Leftrightarrow B\, x : \kappa_2$    By i.h. (2) on $\kappa_2$
$\Delta \vdash A \Leftrightarrow B : \tau_1 \to \kappa_2$    By rule

Case: $\tau = \tau_1 \to \tau_2$, part (3).

$\Delta \vdash M \leftrightarrow N : \tau_1 \to \tau_2$    Assumption
$\Delta^+ \vdash M_1 = N_1 \in [\![\tau_1]\!]$ for an arbitrary $\Delta^+ \geq \Delta$    New assumption
$\Delta^+ \vdash M_1 \Leftrightarrow N_1 : \tau_1$    By i.h. (1) on $\tau_1$
$\Delta^+ \vdash M \leftrightarrow N : \tau_1 \to \tau_2$    By weakening (Lemma 14)
$\Delta^+ \vdash M\, M_1 \leftrightarrow N\, N_1 : \tau_2$    By rule
$\Delta^+ \vdash M\, M_1 = N\, N_1 \in [\![\tau_2]\!]$    By i.h. (3) on $\tau_2$
$\Delta \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$

Case: $\kappa = \tau_1 \to \kappa_2$, part (4).

$\Delta \vdash A \leftrightarrow B : \tau_1 \to \kappa_2$    Assumption
$\Delta^+ \vdash M_1 = N_1 \in [\![\tau_1]\!]$ for an arbitrary $\Delta^+ \geq \Delta$    New assumption
$\Delta^+ \vdash M_1 \Leftrightarrow N_1 : \tau_1$    By i.h. (1) on $\tau_1$
$\Delta^+ \vdash A \leftrightarrow B : \tau_1 \to \kappa_2$    By weakening (Lemma 14)
$\Delta^+ \vdash A\, M_1 \leftrightarrow B\, N_1 : \kappa_2$    By rule
$\Delta^+ \vdash A\, M_1 = B\, N_1 \in [\![\kappa_2]\!]$    By i.h. (4) on $\kappa_2$
$\Delta \vdash A = B \in [\![\tau_1 \to \kappa_2]\!]$    By definition of $[\![\tau_1 \to \kappa_2]\!]$

□

4.3 Definitionally Equal Terms are Logically Related

The other part of the logical relations argument states that two equal terms are logically related.
This requires a sequence of lemmas regarding algorithmic equality and the logical relation.

Lemma 20 (Closure under Head Expansion)

1. If $M \xrightarrow{whr} M'$ and $\Delta \vdash M' = N \in [\![\tau]\!]$ then $\Delta \vdash M = N \in [\![\tau]\!]$.

2. If $N \xrightarrow{whr} N'$ and $\Delta \vdash M = N' \in [\![\tau]\!]$ then $\Delta \vdash M = N \in [\![\tau]\!]$.

Proof: Each part follows by induction on the structure of $\tau$. We show only the first, since the
second is symmetric.

Case: $\tau = \alpha$.

$M \xrightarrow{whr} M'$    Assumption
$\Delta \vdash M' = N \in [\![\alpha]\!]$    Assumption
$\Delta \vdash M' \Leftrightarrow N : \alpha$    By definition of $[\![\alpha]\!]$
$\Delta \vdash M \Leftrightarrow N : \alpha$    By rule (whr left)
$\Delta \vdash M = N \in [\![\alpha]\!]$    By definition of $[\![\alpha]\!]$

Case: $\tau = \tau_1 \to \tau_2$.

$M \xrightarrow{whr} M'$    Assumption
$\Delta \vdash M' = N \in [\![\tau_1 \to \tau_2]\!]$    Assumption
$\Delta^+ \vdash M_1 = N_1 \in [\![\tau_1]\!]$ for $\Delta^+ \geq \Delta$    New assumption
$\Delta^+ \vdash M'\, M_1 = N\, N_1 \in [\![\tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$
$M\, M_1 \xrightarrow{whr} M'\, M_1$    By rule
$\Delta^+ \vdash M\, M_1 = N\, N_1 \in [\![\tau_2]\!]$    By i.h. on $\tau_2$
$\Delta \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$

□



Lemma 21 (Symmetry of the Logical Relations)

1. If $\Delta \vdash M = N \in [\![\tau]\!]$ then $\Delta \vdash N = M \in [\![\tau]\!]$.

2. If $\Delta \vdash A = B \in [\![\kappa]\!]$ then $\Delta \vdash B = A \in [\![\kappa]\!]$.

3. If $\Delta \vdash \sigma = \theta \in [\![\Theta]\!]$ then $\Delta \vdash \theta = \sigma \in [\![\Theta]\!]$.

Proof: By induction on the structure of $\tau$, $\kappa$, and $\Theta$, using Lemma 16. We show some representative
cases.

Case: $\tau = \alpha$.

$\Delta \vdash M = N \in [\![\alpha]\!]$    Assumption
$\Delta \vdash M \Leftrightarrow N : \alpha$    By definition of $[\![\alpha]\!]$
$\Delta \vdash N \Leftrightarrow M : \alpha$    By symmetry of type-directed equality (Lemma 16)
$\Delta \vdash N = M \in [\![\alpha]\!]$    By definition of $[\![\alpha]\!]$

Case: $\tau = \tau_1 \to \tau_2$.

$\Delta \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$    Assumption
$\Delta^+ \vdash N_1 = M_1 \in [\![\tau_1]\!]$ for $\Delta^+ \geq \Delta$    New assumption
$\Delta^+ \vdash M_1 = N_1 \in [\![\tau_1]\!]$    By i.h. on $\tau_1$
$\Delta^+ \vdash M\, M_1 = N\, N_1 \in [\![\tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$
$\Delta^+ \vdash N\, N_1 = M\, M_1 \in [\![\tau_2]\!]$    By i.h. on $\tau_2$
$\Delta \vdash N = M \in [\![\tau_1 \to \tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$

□



Lemma 22 (Transitivity of the Logical Relations)

1. If $\Delta \vdash M = N \in [\![\tau]\!]$ and $\Delta \vdash N = O \in [\![\tau]\!]$ then $\Delta \vdash M = O \in [\![\tau]\!]$.

2. If $\Delta \vdash A = B \in [\![\kappa]\!]$ and $\Delta \vdash B = C \in [\![\kappa]\!]$ then $\Delta \vdash A = C \in [\![\kappa]\!]$.

3. If $\Delta \vdash \sigma = \theta \in [\![\Theta]\!]$ and $\Delta \vdash \theta = \delta \in [\![\Theta]\!]$ then $\Delta \vdash \sigma = \delta \in [\![\Theta]\!]$.

Proof: By induction on the structure of $\tau$, $\kappa$, and $\Theta$, using Lemma 17. We show some representative
cases.

Case: $\tau = \alpha$. Then the property follows from the definition of $[\![\alpha]\!]$ and the transitivity of type-directed
equality (Lemma 17).

$\Delta \vdash M = N \in [\![\alpha]\!]$    Assumption
$\Delta \vdash N = O \in [\![\alpha]\!]$    Assumption
$\Delta \vdash M \Leftrightarrow N : \alpha$    By definition of $[\![\alpha]\!]$
$\Delta \vdash N \Leftrightarrow O : \alpha$    By definition of $[\![\alpha]\!]$
$\Delta \vdash M \Leftrightarrow O : \alpha$    By transitivity of type-directed equality (Lemma 17)
$\Delta \vdash M = O \in [\![\alpha]\!]$    By definition of $[\![\alpha]\!]$

Case: $\tau = \tau_1 \to \tau_2$.

$\Delta \vdash M = N \in [\![\tau_1 \to \tau_2]\!]$    Assumption
$\Delta \vdash N = O \in [\![\tau_1 \to \tau_2]\!]$    Assumption
$\Delta^+ \vdash M_1 = O_1 \in [\![\tau_1]\!]$ for $\Delta^+ \geq \Delta$    New assumption
$\Delta^+ \vdash M\, M_1 = N\, O_1 \in [\![\tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$
$\Delta^+ \vdash O_1 = M_1 \in [\![\tau_1]\!]$    By symmetry (Lemma 21)
$\Delta^+ \vdash O_1 = O_1 \in [\![\tau_1]\!]$    By i.h. on $\tau_1$
$\Delta^+ \vdash N\, O_1 = O\, O_1 \in [\![\tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$
$\Delta^+ \vdash M\, M_1 = O\, O_1 \in [\![\tau_2]\!]$    By i.h. on $\tau_2$
$\Delta \vdash M = O \in [\![\tau_1 \to \tau_2]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$

□



Lemma 23 (Definitionally Equal Terms are Logically Related under Substitutions)

1. If $\Gamma \vdash M = N : A$ and $\Delta \vdash \sigma = \theta \in [\![\Gamma^-]\!]$ then $\Delta \vdash M[\sigma] = N[\theta] \in [\![A^-]\!]$.

2. If $\Gamma \vdash A = B : K$ and $\Delta \vdash \sigma = \theta \in [\![\Gamma^-]\!]$ then $\Delta \vdash A[\sigma] = B[\theta] \in [\![K^-]\!]$.

Proof: By induction on the derivation $\mathcal{D}$ of definitional equality, using the prior lemmas in this
section. For this argument, some subderivations of the equality judgment are unnecessary (in
particular, those establishing the validity of certain types). We elide those premises and write
"..." instead.

Case:
$$\mathcal{D} = \frac{x{:}A \in \Gamma}{\Gamma \vdash x = x : A}$$

$\Delta \vdash \sigma = \theta \in [\![\Gamma^-]\!]$    Assumption
$\Delta \vdash M = N \in [\![A^-]\!]$ for $M/x$ in $\sigma$ and $N/x$ in $\theta$    By definition of $[\![\Gamma^-]\!]$
$\Delta \vdash x[\sigma] = x[\theta] \in [\![A^-]\!]$    By definition of substitution

Case:
$$\mathcal{D} = \frac{c{:}A \in \Sigma}{\Gamma \vdash c = c : A}$$

$\Delta \vdash c \leftrightarrow c : A^-$    By rule
$\Delta \vdash c = c \in [\![A^-]\!]$    By Theorem 19 (3)
$\Delta \vdash c[\sigma] = c[\theta] \in [\![A^-]\!]$    By definition of substitution

Case:
$$\mathcal{D} = \frac{\mathcal{D}_1 :\ \Gamma \vdash M_1 = N_1 : \Pi x{:}A_2.\, A_1 \qquad \mathcal{D}_2 :\ \Gamma \vdash M_2 = N_2 : A_2}{\Gamma \vdash M_1\, M_2 = N_1\, N_2 : [M_2/x]A_1}$$

$\Delta \vdash M_1[\sigma] = N_1[\theta] \in [\![A_2^- \to A_1^-]\!]$    By i.h. on $\mathcal{D}_1$
$\Delta \vdash M_2[\sigma] = N_2[\theta] \in [\![A_2^-]\!]$    By i.h. on $\mathcal{D}_2$
$\Delta \vdash (M_1[\sigma])\, (M_2[\sigma]) = (N_1[\theta])\, (N_2[\theta]) \in [\![A_1^-]\!]$    By definition of $[\![\tau_2 \to \tau_1]\!]$
$\Delta \vdash (M_1\, M_2)[\sigma] = (N_1\, N_2)[\theta] \in [\![A_1^-]\!]$    By definition of substitution
$([M_2/x]A_1)^- = A_1^-$    By erasure preservation (Lemma 13)

Case:
$$\mathcal{D} = \frac{\cdots \qquad \mathcal{D}_2 :\ \Gamma, x{:}A_1 \vdash M_2 = N_2 : A_2}{\Gamma \vdash \lambda x{:}A_1'.\, M_2 = \lambda x{:}A_1''.\, N_2 : \Pi x{:}A_1.\, A_2}$$

$\Delta^+ \vdash M_1 = N_1 \in [\![A_1^-]\!]$ for $\Delta^+ \geq \Delta$    New assumption
$\Delta^+ \vdash \sigma = \theta \in [\![\Gamma^-]\!]$    By weakening (Lemma 18)
$\Delta^+ \vdash (\sigma, M_1/x) = (\theta, N_1/x) \in [\![\Gamma^-, x{:}A_1^-]\!]$    By definition of $[\![\Theta, x{:}\tau]\!]$
$\Delta^+ \vdash M_2[\sigma, M_1/x] = N_2[\theta, N_1/x] \in [\![A_2^-]\!]$    By i.h. on $\mathcal{D}_2$
$\Delta^+ \vdash (\lambda x{:}A_1'.\, M_2[\sigma, x/x])\, M_1 = N_2[\theta, N_1/x] \in [\![A_2^-]\!]$    By closure under head expansion (Lemma 20)
$\Delta^+ \vdash (\lambda x{:}A_1'.\, M_2[\sigma, x/x])\, M_1 = (\lambda x{:}A_1''.\, N_2[\theta, x/x])\, N_1 \in [\![A_2^-]\!]$    By closure under head expansion (Lemma 20)
$\Delta^+ \vdash ((\lambda x{:}A_1'.\, M_2)[\sigma])\, M_1 = ((\lambda x{:}A_1''.\, N_2)[\theta])\, N_1 \in [\![A_2^-]\!]$    By properties of substitution
$\Delta \vdash (\lambda x{:}A_1'.\, M_2)[\sigma] = (\lambda x{:}A_1''.\, N_2)[\theta] \in [\![A_1^- \to A_2^-]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$

Case (extensionality):
$$\mathcal{D} = \frac{\cdots \qquad \mathcal{D}_2 :\ \Gamma, x{:}A_1 \vdash M\, x = N\, x : A_2}{\Gamma \vdash M = N : \Pi x{:}A_1.\, A_2}$$

$\Delta^+ \vdash M_1 = N_1 \in [\![A_1^-]\!]$ for $\Delta^+ \geq \Delta$    New assumption
$\Delta^+ \vdash \sigma = \theta \in [\![\Gamma^-]\!]$    By weakening (Lemma 18)
$\Delta^+ \vdash (\sigma, M_1/x) = (\theta, N_1/x) \in [\![\Gamma^-, x{:}A_1^-]\!]$    By definition of $[\![\Theta, x{:}\tau]\!]$
$\Delta^+ \vdash (M\, x)[\sigma, M_1/x] = (N\, x)[\theta, N_1/x] \in [\![A_2^-]\!]$    By i.h. on $\mathcal{D}_2$
$\Delta^+ \vdash M[\sigma]\, M_1 = N[\theta]\, N_1 \in [\![A_2^-]\!]$    By properties of substitution
$\Delta \vdash M[\sigma] = N[\theta] \in [\![A_1^- \to A_2^-]\!]$    By definition of $[\![\tau_1 \to \tau_2]\!]$

Case (parallel conversion):
$$\mathcal{D} = \frac{\cdots \qquad \mathcal{D}_2 :\ \Gamma, x{:}A_1 \vdash M_2 = N_2 : A_2 \qquad \mathcal{D}_1 :\ \Gamma \vdash M_1 = N_1 : A_1}{\Gamma \vdash (\lambda x{:}A_1.\, M_2)\, M_1 = [N_1/x]N_2 : [M_1/x]A_2}$$

$\Delta \vdash \sigma = \theta \in [\![\Gamma^-]\!]$    Assumption
$\Delta \vdash M_1[\sigma] = N_1[\theta] \in [\![A_1^-]\!]$    By i.h. on $\mathcal{D}_1$
$\Delta \vdash (\sigma, M_1[\sigma]/x) = (\theta, N_1[\theta]/x) \in [\![\Gamma^-, x{:}A_1^-]\!]$    By definition of $[\![\Theta, x{:}\tau]\!]$
$\Delta \vdash M_2[\sigma, M_1[\sigma]/x] = N_2[\theta, N_1[\theta]/x] \in [\![A_2^-]\!]$    By i.h. on $\mathcal{D}_2$
$\Delta \vdash [M_1[\sigma]/x](M_2[\sigma, x/x]) = N_2[\theta, N_1[\theta]/x] \in [\![A_2^-]\!]$    By properties of substitution
$\Delta \vdash (\lambda x{:}A_1.\, M_2[\sigma, x/x])\, (M_1[\sigma]) = N_2[\theta, N_1[\theta]/x] \in [\![A_2^-]\!]$    By closure under head expansion (Lemma 20)
$\Delta \vdash ((\lambda x{:}A_1.\, M_2)\, M_1)[\sigma] = ([N_1/x]N_2)[\theta] \in [\![A_2^-]\!]$    By properties of substitution
$\Delta \vdash ((\lambda x{:}A_1.\, M_2)\, M_1)[\sigma] = ([N_1/x]N_2)[\theta] \in [\![([M_1/x]A_2)^-]\!]$    By erasure preservation (Lemma 13)

Case (symmetry):
$$\mathcal{D} = \frac{\mathcal{D}' :\ \Gamma \vdash N = M : A}{\Gamma \vdash M = N : A}$$

$\Delta \vdash \sigma = \theta \in [\![\Gamma^-]\!]$    Assumption
$\Delta \vdash \theta = \sigma \in [\![\Gamma^-]\!]$    By symmetry (Lemma 21)
$\Delta \vdash N[\theta] = M[\sigma] \in [\![A^-]\!]$    By i.h. on $\mathcal{D}'$
$\Delta \vdash M[\sigma] = N[\theta] \in [\![A^-]\!]$    By symmetry (Lemma 21)

Case (transitivity):
$$\mathcal{D} = \frac{\mathcal{D}_1 :\ \Gamma \vdash M = O : A \qquad \mathcal{D}_2 :\ \Gamma \vdash O = N : A}{\Gamma \vdash M = N : A}$$

$\Delta \vdash \sigma = \theta \in [\![\Gamma^-]\!]$    Assumption
$\Delta \vdash \theta = \sigma \in [\![\Gamma^-]\!]$    By symmetry (Lemma 21)
$\Delta \vdash \theta = \theta \in [\![\Gamma^-]\!]$    By transitivity (Lemma 22)
$\Delta \vdash M[\sigma] = O[\theta] \in [\![A^-]\!]$    By i.h. on $\mathcal{D}_1$
$\Delta \vdash O[\theta] = N[\theta] \in [\![A^-]\!]$    By i.h. on $\mathcal{D}_2$
$\Delta \vdash M[\sigma] = N[\theta] \in [\![A^-]\!]$    By transitivity (Lemma 22)

Case (type conversion):
$$\mathcal{D} = \frac{\mathcal{D}_1 :\ \Gamma \vdash M = N : B \qquad \Gamma \vdash B = A : \mathsf{type}}{\Gamma \vdash M = N : A}$$

$\Delta \vdash M[\sigma] = N[\theta] \in [\![B^-]\!]$    By i.h. on $\mathcal{D}_1$
$\Delta \vdash M[\sigma] = N[\theta] \in [\![A^-]\!]$    By erasure preservation (Lemma 13)

Case: $\Gamma \vdash a = a : K$. As for constants $c$.

Case: $\Gamma \vdash A_1\, M_2 = B_1\, N_2 : [M_2/x]K_1$. As for applications $M_1\, M_2$.

Case:
$$\mathcal{D} = \frac{\mathcal{D}_1 :\ \Gamma \vdash A_1 = B_1 : \mathsf{type} \qquad \mathcal{D}_2 :\ \Gamma, x{:}A_1 \vdash A_2 = B_2 : \mathsf{type}}{\Gamma \vdash \Pi x{:}A_1.\, A_2 = \Pi x{:}B_1.\, B_2 : \mathsf{type}}$$

$\Delta \vdash A_1[\sigma] = B_1[\theta] \in [\![\mathsf{type}^-]\!]$    By i.h. on $\mathcal{D}_1$
$\Delta \vdash A_1[\sigma] \Leftrightarrow B_1[\theta] : \mathsf{type}^-$    By definition of $[\![\mathsf{type}^-]\!]$
$\Delta, x{:}A_1^- \vdash x \leftrightarrow x : A_1^-$    By rule
$\Delta, x{:}A_1^- \vdash x = x \in [\![A_1^-]\!]$    By Theorem 19 (3)
$\Delta, x{:}A_1^- \vdash (\sigma, x/x) = (\theta, x/x) \in [\![\Gamma^-, x{:}A_1^-]\!]$    By weakening (Lemma 18) and definition of $[\![\Theta, x{:}\tau]\!]$
$\Delta, x{:}A_1^- \vdash A_2[\sigma, x/x] = B_2[\theta, x/x] \in [\![\mathsf{type}^-]\!]$    By i.h. on $\mathcal{D}_2$
$\Delta, x{:}A_1^- \vdash A_2[\sigma, x/x] \Leftrightarrow B_2[\theta, x/x] : \mathsf{type}^-$    By definition of $[\![\mathsf{type}^-]\!]$
$\Delta \vdash \Pi x{:}A_1[\sigma].\, A_2[\sigma, x/x] \Leftrightarrow \Pi x{:}B_1[\theta].\, B_2[\theta, x/x] : \mathsf{type}^-$    By rule
$\Delta \vdash \Pi x{:}A_1[\sigma].\, A_2[\sigma, x/x] = \Pi x{:}B_1[\theta].\, B_2[\theta, x/x] \in [\![\mathsf{type}^-]\!]$    By definition of $[\![\mathsf{type}^-]\!]$
$\Delta \vdash (\Pi x{:}A_1.\, A_2)[\sigma] = (\Pi x{:}B_1.\, B_2)[\theta] \in [\![\mathsf{type}^-]\!]$    By definition of substitution

Case: Family symmetry rule. As for the object-level symmetry.

Case: Family transitivity rule. As for the object-level transitivity.

Case: Kind conversion rule. As for the type conversion rule.

□



Lemma 24 (Identity Substitutions are Logically Related)

$\Gamma^- \vdash \mathit{id}_\Gamma = \mathit{id}_\Gamma \in [\![\Gamma^-]\!]$.

Proof: By definition of $[\![\Gamma^-]\!]$ and part (3) of Theorem 19. □

Theorem 25 (Definitionally Equal Terms are Logically Related)

1. If $\Gamma \vdash M = N : A$ then $\Gamma^- \vdash M = N \in [\![A^-]\!]$.

2. If $\Gamma \vdash A = B : K$ then $\Gamma^- \vdash A = B \in [\![K^-]\!]$.

Proof: Directly by Lemmas 23 and 24. □

Corollary 26 (Completeness of Algorithmic Equality)

1. If $\Gamma \vdash M = N : A$ then $\Gamma^- \vdash M \Leftrightarrow N : A^-$.

2. If $\Gamma \vdash A = B : K$ then $\Gamma^- \vdash A \Leftrightarrow B : K^-$.

Proof: Directly by Theorem 25 and Theorem 19. □

5 Soundness of Algorithmic Equality

In general, the algorithm for type-directed equality is not sound. However, when applied to valid
objects of the same type, it is sound and relates only equal terms. This direction requires a number
of lemmas established in Section 2, but is otherwise mostly straightforward.

Lemma 27 (Subject Reduction)

If $M \xrightarrow{whr} M'$ and $\Gamma \vdash M : A$ then $\Gamma \vdash M' : A$ and $\Gamma \vdash M = M' : A$.

Proof: By induction on the definition of weak head reduction, making use of the inversion and
substitution lemmas.

Case:
$$\mathcal{W} = \frac{}{(\lambda x{:}A_1.\, M_2)\, M_1 \xrightarrow{whr} [M_1/x]M_2}$$

$\Gamma \vdash (\lambda x{:}A_1.\, M_2)\, M_1 : A$    Assumption
$\Gamma \vdash \lambda x{:}A_1.\, M_2 : \Pi x{:}B_1.\, B_2$,
$\Gamma \vdash M_1 : B_1$, and
$\Gamma \vdash [M_1/x]B_2 = A : \mathsf{type}$    By inversion (Lemma 9)
$\Gamma \vdash A_1 : \mathsf{type}$,
$\Gamma, x{:}A_1 \vdash M_2 : A_2$, and
$\Gamma \vdash \Pi x{:}A_1.\, A_2 = \Pi x{:}B_1.\, B_2 : \mathsf{type}$    By inversion (Lemma 9)
$\Gamma \vdash A_1 = B_1 : \mathsf{type}$ and
$\Gamma, x{:}A_1 \vdash A_2 = B_2 : \mathsf{type}$    By injectivity of products (Lemma 12)
$\Gamma \vdash M_1 : A_1$    By symmetry and rule (type conversion)
$\Gamma \vdash [M_1/x]M_2 : [M_1/x]A_2$    By substitution
$\Gamma \vdash [M_1/x]A_2 = [M_1/x]B_2 : \mathsf{type}$    By substitution
$\Gamma \vdash [M_1/x]A_2 = A : \mathsf{type}$    By transitivity
$\Gamma \vdash [M_1/x]M_2 : A$    By rule (type conversion)
$\Gamma \vdash A_1 : \mathsf{type}$    Copied from above
$\Gamma, x{:}A_1 \vdash M_2 = M_2 : A_2$    By reflexivity
$\Gamma \vdash M_1 = M_1 : A_1$    By reflexivity
$\Gamma \vdash (\lambda x{:}A_1.\, M_2)\, M_1 = [M_1/x]M_2 : [M_1/x]A_2$    By rule (parallel conversion)
$\Gamma \vdash (\lambda x{:}A_1.\, M_2)\, M_1 = [M_1/x]M_2 : A$    By rule (type conversion)

Case:
$$\mathcal{W} = \frac{\mathcal{W}_1 :\ M_1 \xrightarrow{whr} M_1'}{M_1\, M_2 \xrightarrow{whr} M_1'\, M_2}$$

$\Gamma \vdash M_1\, M_2 : A$    Assumption
$\Gamma \vdash M_1 : \Pi x{:}A_2.\, A_1$,
$\Gamma \vdash M_2 : A_2$, and
$\Gamma \vdash [M_2/x]A_1 = A : \mathsf{type}$    By inversion (Lemma 9)
$\Gamma \vdash M_1' : \Pi x{:}A_2.\, A_1$    By i.h. on $\mathcal{W}_1$
$\Gamma \vdash M_1'\, M_2 : [M_2/x]A_1$    By rule (application)
$\Gamma \vdash M_1'\, M_2 : A$    By rule (type conversion)
$\Gamma \vdash M_1 = M_1' : \Pi x{:}A_2.\, A_1$    By i.h. on $\mathcal{W}_1$
$\Gamma \vdash M_2 = M_2 : A_2$    By reflexivity
$\Gamma \vdash M_1\, M_2 = M_1'\, M_2 : [M_2/x]A_1$    By rule (simultaneous congruence)
$\Gamma \vdash M_1\, M_2 = M_1'\, M_2 : A$    By rule (type conversion)

□

For the soundness of algorithmic equality we need subject reduction and validity (Lemma 7).

Theorem 28 (Soundness of Algorithmic Equality) Assume $\Gamma$ is valid.

1. If $\Gamma \vdash M : A$ and $\Gamma \vdash N : A$ and $\Gamma^- \vdash M \Leftrightarrow N : A^-$, then $\Gamma \vdash M = N : A$.

2. If $\Gamma \vdash M : A$ and $\Gamma \vdash N : B$ and $\Gamma^- \vdash M \leftrightarrow N : \tau$, then $\Gamma \vdash M = N : A$, $\Gamma \vdash A = B : \mathsf{type}$
and $A^- = B^- = \tau$.

3. If $\Gamma \vdash A : K$ and $\Gamma \vdash B : K$ and $\Gamma^- \vdash A \Leftrightarrow B : K^-$, then $\Gamma \vdash A = B : K$.

4. If $\Gamma \vdash A : K$ and $\Gamma \vdash B : L$ and $\Gamma^- \vdash A \leftrightarrow B : \kappa$, then $\Gamma \vdash A = B : K$, $\Gamma \vdash K = L : \mathsf{kind}$
and $K^- = L^- = \kappa$.

5. If $\Gamma \vdash K : \mathsf{kind}$ and $\Gamma \vdash L : \mathsf{kind}$ and $\Gamma^- \vdash K \Leftrightarrow L : \mathsf{kind}^-$ then $\Gamma \vdash K = L : \mathsf{kind}$.

Proof: By induction on the structure of the given derivations for algorithmic equality, using validity
and inversion on the typing derivations.

Case:
$$\mathcal{T} = \frac{x{:}\tau \in \Gamma^-}{\Gamma^- \vdash x \leftrightarrow x : \tau}$$

$\Gamma \vdash x : A$    Assumption
$\Gamma \vdash x : B$    Assumption
$x{:}C \in \Gamma$, $\Gamma \vdash C = A : \mathsf{type}$, $\Gamma \vdash C = B : \mathsf{type}$    By inversion (Lemma 9)
$\Gamma \vdash A = B : \mathsf{type}$    By symmetry and transitivity
$\Gamma \vdash x = x : C$    By rule
$\Gamma \vdash x = x : A$    By type conversion
$A^- = B^- = C^- = \tau$    By erasure preservation (Lemma 13)

Case: $\mathcal{T}$ ends in an equality of constants. Like the previous case.

Case:
$$\mathcal{T} = \frac{\mathcal{T}_1 :\ \Gamma^- \vdash M_1 \leftrightarrow N_1 : \tau_2 \to \tau_1 \qquad \mathcal{T}_2 :\ \Gamma^- \vdash M_2 \Leftrightarrow N_2 : \tau_2}{\Gamma^- \vdash M_1\, M_2 \leftrightarrow N_1\, N_2 : \tau_1}$$

$\Gamma \vdash M_1\, M_2 : A$    Assumption
$\Gamma \vdash N_1\, N_2 : B$    Assumption
$\Gamma \vdash M_1 : \Pi x{:}A_2.\, A_1$,
$\Gamma \vdash M_2 : A_2$, and
$\Gamma \vdash [M_2/x]A_1 = A : \mathsf{type}$    By inversion (Lemma 9)
$\Gamma \vdash \Pi x{:}A_2.\, A_1 : \mathsf{type}$    By validity (Lemma 7)
$\Gamma \vdash A_2 : \mathsf{type}$ and
$\Gamma, x{:}A_2 \vdash A_1 : \mathsf{type}$    By inversion (Lemma 9)
$\Gamma \vdash N_1 : \Pi x{:}B_2.\, B_1$,
$\Gamma \vdash N_2 : B_2$, and
$\Gamma \vdash [N_2/x]B_1 = B : \mathsf{type}$    By inversion (Lemma 9)
$\Gamma \vdash \Pi x{:}B_2.\, B_1 : \mathsf{type}$    By validity (Lemma 7)
$\Gamma \vdash B_2 : \mathsf{type}$ and
$\Gamma, x{:}B_2 \vdash B_1 : \mathsf{type}$    By inversion
$\Gamma \vdash M_1 = N_1 : \Pi x{:}A_2.\, A_1$,
$\Gamma \vdash \Pi x{:}A_2.\, A_1 = \Pi x{:}B_2.\, B_1 : \mathsf{type}$, and
$(\Pi x{:}A_2.\, A_1)^- = (\Pi x{:}B_2.\, B_1)^- = \tau_2 \to \tau_1$    By i.h. on $\mathcal{T}_1$
$\Gamma \vdash A_2 = B_2 : \mathsf{type}$ and
$\Gamma, x{:}A_2 \vdash A_1 = B_1 : \mathsf{type}$    By injectivity of products (Lemma 12)
$\Gamma \vdash N_2 : A_2$    By symmetry and type conversion
$\Gamma \vdash M_2 = N_2 : A_2$    By i.h. on $\mathcal{T}_2$
$\Gamma \vdash M_1\, M_2 = N_1\, N_2 : [M_2/x]A_1$    By rule
$\Gamma \vdash M_1\, M_2 = N_1\, N_2 : A$    By type conversion
$\Gamma \vdash [M_2/x]A_1 = [N_2/x]B_1 : \mathsf{type}$    By family functionality
$\Gamma \vdash A = B : \mathsf{type}$    By symmetry and transitivity
$A^- = B^- = \tau_1$    By erasure preservation

Case:
$$\mathcal{T} = \frac{M \xrightarrow{whr} M' \qquad \mathcal{T}' :\ \Gamma^- \vdash M' \Leftrightarrow N : P^-}{\Gamma^- \vdash M \Leftrightarrow N : P^-}$$

$\Gamma \vdash M : P$    Assumption
$\Gamma \vdash N : P$    Assumption
$\Gamma \vdash P : \mathsf{type}$    By validity (Lemma 7)
$\Gamma \vdash M' : P$    By subject reduction (Lemma 27)
$\Gamma \vdash M' = N : P$    By i.h. on $\mathcal{T}'$
$\Gamma \vdash M = M' : P$    By subject reduction (Lemma 27)
$\Gamma \vdash M = N : P$    By transitivity

Case: Reduction on the right-hand side follows similarly.

Case:
$$\mathcal{T} = \frac{\mathcal{S} :\ \Gamma^- \vdash M \leftrightarrow N : P^-}{\Gamma^- \vdash M \Leftrightarrow N : P^-}$$

$\Gamma \vdash M : P$    Assumption
$\Gamma \vdash N : P$    Assumption
$\Gamma \vdash M = N : P$    By i.h. on $\mathcal{S}$

Case:
$$\mathcal{T} = \frac{\mathcal{T}_2 :\ \Gamma^-, x{:}\tau_1 \vdash M\, x \Leftrightarrow N\, x : \tau_2}{\Gamma^- \vdash M \Leftrightarrow N : \tau_1 \to \tau_2}$$

$\Gamma \vdash M : \Pi x{:}A_1.\, A_2$    Assumption
$\Gamma \vdash N : \Pi x{:}A_1.\, A_2$    Assumption
$\Gamma \vdash \Pi x{:}A_1.\, A_2 : \mathsf{type}$    By validity (Lemma 7)
$\Gamma \vdash A_1 : \mathsf{type}$ and
$\Gamma, x{:}A_1 \vdash A_2 : \mathsf{type}$    By inversion (Lemma 9)
$A_1^- = \tau_1$ and $A_2^- = \tau_2$    By assumption and definition of $(\,)^-$
$\Gamma, x{:}A_1 \vdash M\, x : A_2$    By weakening and rule
$\Gamma, x{:}A_1 \vdash N\, x : A_2$    By weakening and rule
$\Gamma, x{:}A_1 \vdash M\, x = N\, x : A_2$    By i.h. on $\mathcal{T}_2$
$\Gamma \vdash M = N : \Pi x{:}A_1.\, A_2$    By extensionality rule

□



Corollary 29 (Logically Related Terms are Definitionally Equal)

Assume $\Gamma$ is valid.

1. If $\Gamma \vdash M : A$, $\Gamma \vdash N : A$, and $\Gamma^- \vdash M = N \in [\![A^-]\!]$, then $\Gamma \vdash M = N : A$.

2. If $\Gamma \vdash A : K$, $\Gamma \vdash B : K$, and $\Gamma^- \vdash A = B \in [\![K^-]\!]$, then $\Gamma \vdash A = B : K$.

Proof: Direct from the assumptions and prior theorems. We show the proof for the first case.

$\Gamma^- \vdash M = N \in [\![A^-]\!]$    Assumption
$\Gamma^- \vdash M \Leftrightarrow N : A^-$    By Theorem 19
$\Gamma \vdash M = N : A$    By Theorem 28

□



6 Decidability of Definitional Equality and Type- Checking 

In this section we show that the judgment for algorithmic equality constitutes a decision procedure 
on valid terms of the same type. This result is then lifted to yield decidability of all judgments in 
the LF type theory. 

The first step is to show that equality is decidable for terms that are algorithmically equal 
to themselves. Note that this property does not depend on the soundness or completeness of 
algorithmic equality — it is a purely syntactic result. The second step uses completeness of algorith- 
mic equality and reflexivity to show that every well-typed term is algorithmically equal to itself. 
These two observations, together with soundness and completeness of algorithmic equality, yield 
the decidability of definitional equality for well-typed terms. 

We say an object is normalizing iff it is related to some term by the type-directed equivalence 
algorithm. More precisely, M is normalizing at simple type r iff A h M M' : r for some term 
M'. Note that by symmetry and transitivity of the algorithms, this implies that A h M M : r. 
A term M is structurally normalizing iff it is related to some term by the structural equivalence 

algorithm. That is, M is structurally normalizing iff A h M < > M' : r for some M'. A similar 

definition applies to families and kinds. Equality is decidable on normalizing terms. 

Lemma 30 (Decidability for Normalizing Terms) 

1. If $\Delta \vdash M \Longleftrightarrow M' : \tau$ and $\Delta \vdash N \Longleftrightarrow N' : \tau$ then it is decidable whether $\Delta \vdash M \Longleftrightarrow N : \tau$. 

2. If $\Delta \vdash M \longleftrightarrow M' : \tau_1$ and $\Delta \vdash N \longleftrightarrow N' : \tau_2$ then it is decidable whether $\Delta \vdash M \longleftrightarrow N : \tau_3$ 
for some $\tau_3$. 

3. If $\Delta \vdash A \Longleftrightarrow A' : \kappa$ and $\Delta \vdash B \Longleftrightarrow B' : \kappa$ then it is decidable whether $\Delta \vdash A \Longleftrightarrow B : \kappa$. 

4. If $\Delta \vdash A \longleftrightarrow A' : \kappa_1$ and $\Delta \vdash B \longleftrightarrow B' : \kappa_2$ then it is decidable whether $\Delta \vdash A \longleftrightarrow B : \kappa_3$ 
for some $\kappa_3$. 

5. If $\Delta \vdash K \Longleftrightarrow K' : \mathsf{kind}^-$ and $\Delta \vdash L \Longleftrightarrow L' : \mathsf{kind}^-$ then it is decidable whether $\Delta \vdash K \Longleftrightarrow L : \mathsf{kind}^-$. 

Proof: We only sketch the proof of the first two properties; the others are similar. First note 
that $\Delta \vdash M \Longleftrightarrow N : \tau$ iff $\Delta \vdash M' \Longleftrightarrow N : \tau$ iff $\Delta \vdash M \Longleftrightarrow N' : \tau$ iff $\Delta \vdash M' \Longleftrightarrow N' : \tau$, so 
decidability of one implies decidability of the others with equal results. Given this observation, we 
prove parts (1) and (2) by simultaneous structural inductions on the given derivations. The critical 
lemma is the determinacy of algorithmic equality (Lemma 15). □ 






Now we can show decidability of equality via reflexivity and completeness of algorithmic equality. 

Theorem 31 (Decidability of Algorithmic Equality) Assume $\Gamma$ is valid. 

1. If $\Gamma \vdash M : A$ and $\Gamma \vdash N : A$ then it is decidable whether $\Gamma^- \vdash M \Longleftrightarrow N : A^-$. 

2. If $\Gamma \vdash A : K$ and $\Gamma \vdash B : K$ then it is decidable whether $\Gamma^- \vdash A \Longleftrightarrow B : K^-$. 

3. If $\Gamma \vdash K : \mathsf{kind}$ and $\Gamma \vdash L : \mathsf{kind}$ then it is decidable whether $\Gamma^- \vdash K \Longleftrightarrow L : \mathsf{kind}^-$. 

Proof: We show only the proof of part (1) since the others are analogous. 
By reflexivity of definitional equality (Lemma 2) and the completeness of algorithmic equality 
(Corollary 26), both M and N are normalizing. Hence by Lemma 30, algorithmic equivalence is 
decidable. □ 

Corollary 32 (Decidability of Definitional Equality) Assume $\Gamma$ is valid. 

1. If $\Gamma \vdash M : A$ and $\Gamma \vdash N : A$ then it is decidable whether $\Gamma \vdash M = N : A$. 

2. If $\Gamma \vdash A : K$ and $\Gamma \vdash B : K$ then it is decidable whether $\Gamma \vdash A = B : K$. 

3. If $\Gamma \vdash K : \mathsf{kind}$ and $\Gamma \vdash L : \mathsf{kind}$ then it is decidable whether $\Gamma \vdash K = L : \mathsf{kind}$. 

Proof: By soundness and completeness it suffices to check algorithmic equality, which is decidable 
by Theorem 31. □ 



We now present an algorithmic version of type-checking that uses algorithmic equality as an 
auxiliary judgment. This is a purely bottom-up type-checker; more complicated strategies can also 
be justified with our results, but are beyond the scope of this paper. 



Objects 

$$\frac{x{:}A \;\text{in}\; \Gamma}{\Gamma \vdash x \Rightarrow A} \qquad \frac{c{:}A \;\text{in}\; \Sigma}{\Gamma \vdash c \Rightarrow A}$$

$$\frac{\Gamma \vdash M_1 \Rightarrow \Pi x{:}A_2'.\, A_1 \quad \Gamma \vdash M_2 \Rightarrow A_2 \quad \Gamma^- \vdash A_2' \Longleftrightarrow A_2 : \mathsf{type}^-}{\Gamma \vdash M_1\, M_2 \Rightarrow [M_2/x]A_1}$$

$$\frac{\Gamma \vdash A_1 \Rightarrow \mathsf{type} \quad \Gamma, x{:}A_1 \vdash M_2 \Rightarrow A_2}{\Gamma \vdash \lambda x{:}A_1.\, M_2 \Rightarrow \Pi x{:}A_1.\, A_2}$$

Families 

$$\frac{a{:}K \;\text{in}\; \Sigma}{\Gamma \vdash a \Rightarrow K}$$

$$\frac{\Gamma \vdash A \Rightarrow \Pi x{:}B'.\, K \quad \Gamma \vdash M \Rightarrow B \quad \Gamma^- \vdash B' \Longleftrightarrow B : \mathsf{type}^-}{\Gamma \vdash A\, M \Rightarrow [M/x]K}$$

$$\frac{\Gamma \vdash A_1 \Rightarrow \mathsf{type} \quad \Gamma, x{:}A_1 \vdash A_2 \Rightarrow \mathsf{type}}{\Gamma \vdash \Pi x{:}A_1.\, A_2 \Rightarrow \mathsf{type}}$$

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Kinds 

$$\frac{}{\Gamma \vdash \mathsf{type} \Rightarrow \mathsf{kind}} \qquad \frac{\Gamma \vdash A \Rightarrow \mathsf{type} \quad \Gamma, x{:}A \vdash K \Rightarrow \mathsf{kind}}{\Gamma \vdash \Pi x{:}A.\, K \Rightarrow \mathsf{kind}}$$

Similar rules exist for checking validity of signatures and contexts. 
Lemma 33 (Correctness of Algorithmic Type-Checking) Assume $\Gamma$ is valid. 

1. (Soundness) If $\Gamma \vdash M \Rightarrow A$ then $\Gamma \vdash M : A$. 

2. (Completeness) If $\Gamma \vdash M : A$ then $\Gamma \vdash M \Rightarrow A'$ for some $A'$ such that $\Gamma \vdash A = A' : \mathsf{type}$. 

Proof: Part 1 follows by induction on the structure of the algorithmic derivation, using validity 
(Theorem 7), soundness of algorithmic equality (Theorem 28) and the rule of type conversion. 
Part 2 follows by induction on the structure of the typing derivation, using transitivity of 
equality, inversion on type equality, and completeness of algorithmic equality. □ 

Theorem 34 (Decidability of Type-Checking) 

1. It is decidable if $\Gamma$ is valid. 

2. Given a valid $\Gamma$, M, and A, it is decidable whether $\Gamma \vdash M : A$. 

3. Given a valid $\Gamma$, A, and K, it is decidable whether $\Gamma \vdash A : K$. 

4. Given a valid $\Gamma$ and K, it is decidable whether $\Gamma \vdash K : \mathsf{kind}$. 

Proof: Since the algorithmic typing rules are syntax-directed and algorithmic equality is decidable 
(Theorem 31), there either exists a unique $A'$ such that $\Gamma \vdash M \Rightarrow A'$ or there is no such $A'$. By 
correctness of algorithmic type-checking we then have $\Gamma \vdash M : A$ iff $\Gamma \vdash A' = A : \mathsf{type}$, which is 
decidable by Corollary 32. □ 



The correctness of algorithmic type-checking also allows us to show strengthening, and a stronger 
form of the extensionality rule. 

Theorem 35 (Strengthening) For each judgment J of the type theory, if $\Gamma, x{:}A, \Gamma' \vdash J$ and 
$x \notin \mathrm{FV}(\Gamma') \cup \mathrm{FV}(J)$, then $\Gamma, \Gamma' \vdash J$. 

Proof: Strengthening for the algorithmic version of type-checking follows by a simple structural in- 
duction, taking advantage of obvious strengthening for algorithmic equality. Strengthening for the 
original typing rules then follows by soundness and completeness of algorithmic typing. Strength- 
ening for equality judgments follows from completeness (Corollary 26), soundness (Theorem 28) 
and strengthening for the typing judgment. □ 

Corollary 36 (Strong Extensionality) The typing premises for M and N in the extensionality 
rule are redundant. That is, the following strong form of extensionality is admissible: 

$$\frac{\Gamma \vdash A_1 : \mathsf{type} \quad \Gamma, x{:}A_1 \vdash M\, x = N\, x : A_2}{\Gamma \vdash M = N : \Pi x{:}A_1.\, A_2}$$

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Proof: By inversion and strengthening. 

$\Gamma, x{:}A_1 \vdash M\, x : A_2$   By validity 
$\Gamma, x{:}A_1 \vdash M : \Pi x{:}B_1.\, B_2$, $\Gamma, x{:}A_1 \vdash x : B_1$, and $\Gamma, x{:}A_1 \vdash B_2 = A_2 : \mathsf{type}$   By inversion (Lemma 9) 
$\Gamma \vdash A_1 = B_1 : \mathsf{type}$   By inversion and strengthening 
$\Gamma \vdash \Pi x{:}B_1.\, B_2 = \Pi x{:}A_1.\, A_2 : \mathsf{type}$   By rule 
$\Gamma, x{:}A_1 \vdash M : \Pi x{:}A_1.\, A_2$   By rule (type conversion) 
$\Gamma \vdash M : \Pi x{:}A_1.\, A_2$   By strengthening 
$\Gamma \vdash N : \Pi x{:}A_1.\, A_2$   Similarly 
$\Gamma \vdash M = N : \Pi x{:}A_1.\, A_2$   By extensionality 

□ 

7 Quasi-Canonical Forms 

The representation techniques of LF mostly rely on compositional bijections between the expressions 
(including terms, formulas, deductions, etc.) of the object language and canonical forms in a meta- 
language, where canonical forms are $\eta$-long and $\beta$-normal forms. So if we are presented with an LF 
object M of a given type A and we want to know which object-language expression M represents, 
we convert it to canonical form and apply the inverse of the representation function. 

This leads to the question of how to compute the canonical form of a well-typed object M of type 
A in an appropriate context $\Gamma$. Generally, we would like to extract this information from a derivation 
that witnesses that M is normalizing, that is, a derivation that shows that M is algorithmically 
equal to itself. This idea cannot be applied directly in our situation, since a derivation 
$\Gamma^- \vdash M \Longleftrightarrow M : A^-$ yields no information on the type labels of the $\lambda$-abstractions in M. Fortunately, these turn 
out to be irrelevant: if we have an object M of a given type A which is in canonical form, possibly 
with the exception of some type labels, then the type labels are actually uniquely determined up 
to definitional equality. 

We formalize this intuition by defining quasi-canonical forms (and the auxiliary notion of quasi- 
atomic forms) in which type-labels have been deleted. A quasi-canonical form can easily be ex- 
tracted from a derivation that shows that a term is normalizing. Quasi-canonical forms are sufficient 
to prove adequacy theorems for the representation, since the global type of a quasi-canonical form 
is sufficient to extract an LF object unique up to definitional equality applied to type labels. The 
sets of quasi-canonical (QC) and quasi-atomic (QA) terms are defined by the following grammar: 

$$\text{Quasi-canonical objects} \quad M ::= \bar M \mid \lambda x.\, M$$
$$\text{Quasi-atomic objects} \quad \bar M ::= x \mid c \mid \bar M\, M$$

It is a simple matter to instrument the algorithmic equality relations to extract a common 
quasi-canonical or quasi-atomic form for the terms being compared. Note that only one quasi- 
canonical form need be extracted, since two terms are algorithmically equivalent iff they have the 
same quasi-canonical form. The instrumented rules are as follows: 
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Instrumented Type-Directed Object Equality 

$$\frac{M \xrightarrow{\mathit{whr}} M' \quad \Delta \vdash M' \Longleftrightarrow N : \alpha \Uparrow \theta}{\Delta \vdash M \Longleftrightarrow N : \alpha \Uparrow \theta} \qquad \frac{N \xrightarrow{\mathit{whr}} N' \quad \Delta \vdash M \Longleftrightarrow N' : \alpha \Uparrow \theta}{\Delta \vdash M \Longleftrightarrow N : \alpha \Uparrow \theta}$$

$$\frac{\Delta \vdash M \longleftrightarrow N : \alpha \Uparrow \bar\theta}{\Delta \vdash M \Longleftrightarrow N : \alpha \Uparrow \bar\theta} \qquad \frac{\Delta, x{:}\tau_1 \vdash M\, x \Longleftrightarrow N\, x : \tau_2 \Uparrow \theta}{\Delta \vdash M \Longleftrightarrow N : \tau_1 \to \tau_2 \Uparrow \lambda x.\, \theta}$$

Instrumented Structural Object Equality 

$$\frac{x{:}\tau \;\text{in}\; \Delta}{\Delta \vdash x \longleftrightarrow x : \tau \Uparrow x} \qquad \frac{c{:}A \;\text{in}\; \Sigma}{\Delta \vdash c \longleftrightarrow c : A^- \Uparrow c}$$

$$\frac{\Delta \vdash M_1 \longleftrightarrow N_1 : \tau_2 \to \tau_1 \Uparrow \bar\theta_1 \quad \Delta \vdash M_2 \Longleftrightarrow N_2 : \tau_2 \Uparrow \theta_2}{\Delta \vdash M_1\, M_2 \longleftrightarrow N_1\, N_2 : \tau_1 \Uparrow \bar\theta_1\, \theta_2}$$
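The instrumented rules above, as an added Python example that is not part of the paper: terms are tagged tuples whose lambda labels are never consulted, simple types are base names or pairs (tau1, tau2), and the constructed signature SIG encodes $c_=$ and $c_\forall$ from the first-order logic example; equiv returns the common quasi-canonical form $\theta$ or None when the two terms are not algorithmically equal.

```python
import itertools
_counter = itertools.count()

def fresh(x):                              # fresh name for eta-expansion and binder renaming
    return f"{x}_{next(_counter)}"

def subst(t, x, s):
    """Capture-avoiding [s/x]t; binders ("lam", y, body) carry no type label and are renamed."""
    if t[0] == "var":
        return s if t[1] == x else t
    if t[0] == "const":
        return t
    if t[0] == "app":
        return ("app", subst(t[1], x, s), subst(t[2], x, s))
    y = fresh(t[1])
    return ("lam", y, subst(subst(t[2], t[1], ("var", y)), x, s))

def whr(t):
    """One weak head reduction step (M whr-> M'), or None when t is in weak head normal form."""
    if t[0] == "app" and t[1][0] == "lam":
        return subst(t[1][2], t[1][1], t[2])
    f = whr(t[1]) if t[0] == "app" else None
    return None if f is None else ("app", f, t[2])

def equiv(delta, sig, M, N, tau):
    """Delta |- M <=> N : tau ^ theta.  Simple types: base "i"/"o", arrow (tau1, tau2)."""
    if isinstance(tau, tuple):             # arrow type: compare M x and N x under x:tau1
        x = fresh("x")
        body = equiv({**delta, x: tau[0]}, sig,
                     ("app", M, ("var", x)), ("app", N, ("var", x)), tau[1])
        return None if body is None else ("lam", x, body)
    if (Mw := whr(M)) is not None:         # base type: weak head reduce either side first ...
        return equiv(delta, sig, Mw, N, tau)
    if (Nw := whr(N)) is not None:
        return equiv(delta, sig, M, Nw, tau)
    r = struct(delta, sig, M, N)           # ... then switch to structural equality
    return r[1] if r is not None and r[0] == tau else None

def struct(delta, sig, M, N):
    """Delta |- M <-> N : tau ^ theta-bar.  Returns (tau, theta-bar) or None."""
    if M[0] == N[0] == "var" and M[1] == N[1] and M[1] in delta:
        return delta[M[1]], M
    if M[0] == N[0] == "const" and M[1] == N[1] and M[1] in sig:
        return sig[M[1]], M
    if M[0] == N[0] == "app" and (r := struct(delta, sig, M[1], N[1])):
        if isinstance(r[0], tuple) and (arg := equiv(delta, sig, M[2], N[2], r[0][0])):
            return r[0][1], ("app", r[1], arg)
    return None

SIG = {"eq": ("i", ("i", "o")), "forall": (("i", "o"), "o")}  # constructed: c_= and c_forall
```

Comparing $c_\forall$ with $\lambda p.\, c_\forall\, (\lambda x.\, p\, x)$ at type $(\iota \to o) \to o$ succeeds by eta-expansion, and the returned form carries no type labels, as the grammar of quasi-canonical objects requires.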

It follows from the foregoing development that every well-formed term has a unique quasi- 
canonical form. We now have the following theorem relating quasi-canonical forms to the usual 
development of the LF type theory. We write |M| for the result of erasing the type labels from an 
object M. 

Theorem 37 (Quasi-Canonical and Quasi-Atomic Forms) 

1. If $\Gamma \vdash M_1 : A$ and $\Gamma \vdash M_2 : A$ and $\Gamma^- \vdash M_1 \Longleftrightarrow M_2 : A^- \Uparrow \theta$, then there is an N such that 
$|N| = \theta$, $\Gamma \vdash N : A$, $\Gamma \vdash M_1 = N : A$ and $\Gamma \vdash M_2 = N : A$. 

2. If $\Gamma \vdash M_1 : A_1$ and $\Gamma \vdash M_2 : A_2$ and $\Gamma^- \vdash M_1 \longleftrightarrow M_2 : \tau \Uparrow \bar\theta$ then $\Gamma \vdash A_1 = A_2 : \mathsf{type}$, 
$A_1^- = A_2^- = \tau$ and there is an N such that $|N| = \bar\theta$, $\Gamma \vdash N : A_1$, $\Gamma \vdash M_1 = N : A_1$ and 
$\Gamma \vdash M_2 = N : A_1$. 

Proof: By simultaneous induction on the instrumented equality derivations. It is critical that we 
have the types of the objects that are compared (and not just the approximate type) so that we 
can use this information to fill in the missing $\lambda$-labels. □ 

Note that the N in the theorem above is uniquely determined up to definitional equality of the type 
labels, since $\theta$ and $\bar\theta$ determine N in all other respects. This result shows that all adequacy proofs 
for LF representation on canonical forms still hold. In fact, they can be carried out directly on 
quasi-canonical forms. 

We can also directly state and prove adequacy theorems for encodings of logical systems 
in LF using quasi-canonical forms. It is interesting to observe that the type labels on $\lambda$'s are not 
necessary for this purpose; in an adequacy theorem, the type of the bound variable is determined 
from context. For example, the following relation sets up a compositional (natural) bijection 
between (a) terms and formulas of first-order logic over a given first-order signature and (b) quasi- 
canonical forms of types $\iota$ and $o$, respectively, in the signature of first-order logic. We only show 
an excerpt, illustrating the idea over the signature 

$$c_f : \iota \to \cdots \to \iota$$
$$c_{=} : \iota \to \iota \to o$$
$$c_\wedge : o \to o \to o$$
$$c_\forall : (\iota \to o) \to o$$
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Let $\Gamma$ be a context of the form $x_1{:}\iota, \ldots, x_n{:}\iota$ for some $n \geq 0$. A correspondence relation between 
terms and formulas with (free) variables among the $x_1, \ldots, x_n$ and quasi-canonical objects of type 
$\iota$ and $o$, respectively, over that signature and context may be defined as follows: 

$$\frac{}{\Gamma \vdash x \leftrightsquigarrow x : \iota} \qquad \frac{\Gamma \vdash t_1 \leftrightsquigarrow M_1 : \iota \quad \cdots \quad \Gamma \vdash t_n \leftrightsquigarrow M_n : \iota}{\Gamma \vdash f(t_1, \ldots, t_n) \leftrightsquigarrow c_f\, M_1 \ldots M_n : \iota}$$

$$\frac{\Gamma \vdash t_1 \leftrightsquigarrow M_1 : \iota \quad \Gamma \vdash t_2 \leftrightsquigarrow M_2 : \iota}{\Gamma \vdash t_1 = t_2 \leftrightsquigarrow c_{=}\, M_1\, M_2 : o} \qquad \frac{\Gamma \vdash \phi_1 \leftrightsquigarrow M_1 : o \quad \Gamma \vdash \phi_2 \leftrightsquigarrow M_2 : o}{\Gamma \vdash \phi_1 \wedge \phi_2 \leftrightsquigarrow c_\wedge\, M_1\, M_2 : o}$$

$$\frac{\Gamma, x{:}\iota \vdash \phi \leftrightsquigarrow M : o}{\Gamma \vdash \forall x.\, \phi \leftrightsquigarrow c_\forall\, (\lambda x.\, M) : o}$$

Theorem 38 (Adequacy for Syntax of First-Order Logic) Let $\Gamma$ be a context of the form 
$x_1{:}\iota, \ldots, x_n{:}\iota$ for some $n \geq 0$. 

1. The relation $\Gamma \vdash t \leftrightsquigarrow M : \iota$ is a compositional bijection between terms t of first-order logic 
over variables $x_1, \ldots, x_n$ and quasi-canonical forms M of type $\iota$ relative to $\Gamma$. 

2. The relation $\Gamma \vdash \phi \leftrightsquigarrow M : o$ is a compositional bijection between formulas $\phi$ with free 
variables among $x_1, \ldots, x_n$ and quasi-canonical forms M of type $o$ relative to $\Gamma$. 

Proof: We establish by induction over t and $\phi$ that for every term t and formula $\phi$ there exist a 
unique M and N and derivations of $\Gamma \vdash t \leftrightsquigarrow M : \iota$ and $\Gamma \vdash \phi \leftrightsquigarrow N : o$, respectively. Similarly, we 
show that for quasi-canonical M and N at type $\iota$ and $o$, respectively, there exist unique related 
t and $\phi$. This establishes a bijection. To see that it is compositional we use an induction over the 
structure of terms t and formulas $\phi$. □ 

Adequacy at the level of derivations can be established by analogous means. 
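The representation relation of Theorem 38, as an added Python example that is not from the paper: encode reads the correspondence rules left to right, decode reads them right to left on quasi-canonical objects of type $\iota$ or $o$, and the round trip is the bijection the theorem states. The constant naming scheme (c_ prefix) and the function-symbol arities in FUN_ARITY are assumptions.

```python
# Quasi-canonical objects use tagged tuples: ("var", x), ("const", c), ("app", M, N),
# ("lam", x, M).  The lambda carries no type label, exactly as in the grammar of Section 7.
FUN_ARITY = {"s": 1, "plus": 2}          # constructed first-order signature (assumption)

def encode(e):
    """Gamma |- e ~> M read left to right: a FOL term or formula e to its quasi-canonical form."""
    tag = e[0]
    if tag == "var":                      # x ~> x : iota
        return e
    if tag == "fn":                       # f(t1,...,tn) ~> c_f M1 ... Mn : iota
        M = ("const", "c_" + e[1])
        for t in e[2]:
            M = ("app", M, encode(t))
        return M
    if tag in ("eq", "and"):              # t1 = t2 ~> c_= M1 M2 : o,  phi1 /\ phi2 ~> c_and M1 M2 : o
        return ("app", ("app", ("const", "c_" + tag), encode(e[1])), encode(e[2]))
    if tag == "forall":                   # forall x. phi ~> c_forall (lam x. M) : o
        return ("app", ("const", "c_forall"), ("lam", e[1], encode(e[2])))
    raise ValueError(f"not first-order syntax: {e}")

def decode(M):
    """The inverse reading: a quasi-canonical M of type iota or o back to FOL syntax."""
    if M[0] == "var":
        return M
    head, args = M, []
    while head[0] == "app":               # quasi-atomic form: a head constant applied to its spine
        args.insert(0, head[2])
        head = head[1]
    if head[0] != "const":
        raise ValueError(f"not quasi-canonical at type iota or o: {M}")
    c = head[1]
    if c in ("c_eq", "c_and") and len(args) == 2:
        return (c[2:], decode(args[0]), decode(args[1]))
    if c == "c_forall" and len(args) == 1 and args[0][0] == "lam":
        return ("forall", args[0][1], decode(args[0][2]))   # bound variable's type is iota by context
    f = c[2:]
    if f in FUN_ARITY and FUN_ARITY[f] == len(args):
        return ("fn", f, [decode(t) for t in args])
    raise ValueError(f"unknown or wrongly applied constant {c}")
```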

8 Conclusions 

We have presented a new, type-directed algorithm for definitional equality in the LF type theory. 
This algorithm improves on previous accounts by avoiding consideration of reduction and its as- 
sociated meta-theory and by providing a practical method for testing definitional equality in an 
implementation. The algorithm also yields a notion of canonical form, which we call quasi-canonical, 
that is suitable for proving the adequacy of encodings in a logical framework. The omission of type 
labels presents no difficulties for the methodology of LF, essentially because abstractions arise only 
in contexts where the domain type is known. The formulation of the algorithm and its proof of 
correctness relies on the "shapes" of types, from which dependencies on terms have been eliminated. 

Surprisingly, it was the soundness proof for the algorithm, and not its completeness proof, that 
presented some technical difficulties. In particular, we have eliminated family-level $\lambda$-abstractions 
from our formulation of the type theory in order to prove injectivity of products syntactically. 
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The type-directed approach scales to richer languages such as those with unit types, products, 
and linear types [VC01], ordered types [PP99, Pol01], and proof irrelevant and intensional 
types [Pfe01] precisely because it makes use of type information during comparison. For example, 
one expects that any two variables of unit type are equal, even though they are structurally distinct 
head normal forms. A similar approach is used by Stone and Harper [SH00] to study a dependent 
type theory with singleton kinds and subkinding. There it is impossible to eliminate dependencies, 
resulting in a substantially more complex correctness proof, largely because of the loss of symmetry 
in the presence of dependencies. Nevertheless, the fundamental method is the same, and results in 
a practical approach to checking definitional equality for a rich type theory. 

A major open question is whether our technique can be extended to handle the full Calculus of Construc- 
tions. We require injectivity of products rather early, which would seem to be difficult to attain. 
Furthermore, long normal forms, while still cleanly definable [DHW92], are not stable under 
substitutions, which complicates the type-directed equality algorithm. 
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